The old ones are the good ones, as they say: an e-card-based malware attack has reportedly uploaded gigabytes of US government data to an unidentified Belarusian server in the run-up to Christmas.
The greetings card, sent under the premise of being from the White House, linked to two websites which offered downloads. The downloads packaged Perl scripts converted to executables, which, once run, searched the entire hard disk of the infected computer. Any PDF, Excel and Word files found were uploaded via FTP to a third server hosted in Belarus, which was taken offline before anybody could track it down. Victims included workers in the US Government’s Office of Cyber Infrastructure, US Police, the US Financial Action Task Force, and foreign government employees too.
The attack is similar in nature to a botnet uncovered in February 2010, in that the programs used to upload files are virtually identical (in fact, the only difference was the ID of the machine used to compile the application). It appears this one was targeted directly at employees holding sensitive positions in the US Government. While the upload script was said to be the work of a “novice” hacker, its relative effectiveness at spreading through such a simple mechanism to such valuable targets should be a lesson to all.
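The exfiltration pattern described above (an internal workstation pushing a run of PDF, Excel and Word files over FTP to an external server) is straightforward to flag from perimeter logs. The following is an added detection example, not code from the original report or from the Krebs analysis; the log format, addresses and file names are constructed for illustration, and the 10.0.0.0/8 internal range and the five-file threshold are assumptions to tune per environment.

```python
import ipaddress
import os
import re
from collections import defaultdict

# Constructed outbound FTP command log, as a perimeter sensor might record it
# (fields: timestamp src_ip dst_ip command path bytes). The format, hosts and
# file names are invented for this example.
SAMPLE_LOG = """\
2010-12-23T09:14:02Z 10.1.5.23 203.0.113.77 STOR /budget_2011.xlsx 48213
2010-12-23T09:14:05Z 10.1.5.23 203.0.113.77 STOR /briefing_notes.docx 17820
2010-12-23T09:14:09Z 10.1.5.23 203.0.113.77 STOR /contacts.pdf 231009
2010-12-23T09:14:11Z 10.1.5.23 203.0.113.77 STOR /travel_auth.doc 90112
2010-12-23T09:14:14Z 10.1.5.23 203.0.113.77 STOR /minutes_dec.pdf 55000
2010-12-23T09:14:20Z 10.1.5.23 203.0.113.77 STOR /org_chart.xls 30001
2010-12-23T09:30:40Z 10.1.5.40 10.1.9.5 STOR /report.pdf 40000
2010-12-23T10:02:13Z 10.1.7.8 198.51.100.9 RETR /patch.zip 5000000
2010-12-23T10:05:00Z 10.1.7.8 198.51.100.9 STOR /photo.jpg 300000
"""

# Document types the e-card malware harvested (PDF, Excel, Word).
OFFICE_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d+)$")

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def parse_log(text):
    """Yield one dict per well-formed log line; skip anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, dst, cmd, path, size = m.groups()
            yield {"ts": ts, "src": src, "dst": dst, "cmd": cmd, "path": path, "bytes": int(size)}

def find_document_exfil(text, min_files=5):
    """Return {(src, dst): (file_count, total_bytes)} for internal hosts that
    uploaded (STOR) at least min_files office documents to external FTP servers.
    Downloads, non-document uploads and internal-to-internal transfers are ignored."""
    stats = defaultdict(lambda: [0, 0])
    for ev in parse_log(text):
        if ev["cmd"] != "STOR" or not is_internal(ev["src"]) or is_internal(ev["dst"]):
            continue
        if os.path.splitext(ev["path"])[1].lower() not in OFFICE_EXT:
            continue
        stats[(ev["src"], ev["dst"])][0] += 1
        stats[(ev["src"], ev["dst"])][1] += ev["bytes"]
    return {k: tuple(v) for k, v in stats.items() if v[0] >= min_files}
```

On the sample, only 10.1.5.23 is flagged (six documents, 472155 bytes to 203.0.113.77); the internal-only upload and the non-document traffic from 10.1.7.8 are correctly ignored.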
Full analysis by Krebs on Security.