[Ics-security] Fwd: [DOENSM Open List] Another Attack Vector coming back to life.

[Robert Lukens]

FYI:

The following information was forwarded to us by another DOE lab:

  It has come to our attention from another institution that
  someone is attempting another form of phishing attack. A small
  number of people at multiple sites are getting physical mail,
  not email, indicating a possible security issue they should be
  aware of. Details are supposedly included on an enclosed
  DVD. Individuals targeted range from upper management to
  researcher/student assistant. Nobody is safe.

  The DVD contains an executable you are supposed to run that
  contains the details.  In reality it contains a trojan horse
  that snaps a screenshot every few seconds and uploads it to a
  remote command/control site.  The malware runs as the user, and
  isn't picked up by antivirus.


I believe that the likelihood that we will become a target of this
attack is low and that an all-site announcement is not justified at this
time.

Too many alerts will tend to anesthetize our users to more critical
announcements.

If you see any activity like this or have anyone report unusual receipt
of magnetic media, please contact security at jlab.org.

If the likelihood of exposure changes, we will send an all-site alert.

Thanks.

Bob


--
  Robert J. Lukens                       Jefferson Lab
  Computer Security Manager        12000 Jefferson Ave
                                           - Suite # 7
  rlukens at jlab.org               Newport News VA 23606
  757-269-6376                                     USA