Christmas Card Steals Privileged Information. Information Security Researchers Fear Cyber Espionage
xperts have identified that a variant of Zeus Trojan was used to install malware in computer systems. When unwary recipients clicked on the greeting card link, they were prompted to open a .zip file.
( January 5, 2011 - -, NM -- Recently,information security professionals identified data breach by cybercriminals. The offenders reportedly sent e-mails to government employees and contracted professionals. The e-mail address was spoofed to make it appear as sent from domain. The e-mail message thanked the staff for their contribution and conveyed greetings for the holidays. The message also contained a greeting card link. While the staff may have overjoyed on receiving e-mail from white house, they were actually victims of a spear phishing attack, wherein sensitive information was stolen from their computers.

Experts have identified that a variant of Zeus Trojan was used to install malware in computer systems. When unwary recipients clicked on the greeting card link, they were prompted to open a .zip file. As users opened the .Zip file, their systems were infected by the Trojan. The Trojan stole passwords and documents such as PDF files, word and excel documents to upload them to a remote server. The server was allegedly based in Belarus.

IT Security experts have expressed the possibility of cyber-espionage as the victims included an Intelligence analyst of Massachusetts State Police, an employee of National Science Foundation's (NSF) Office of Cyber Infrastructure and an employee of Financial Action Task force. The compromised data includes cell-phone intercepts, document on protection national security information and grant applications to NSF for new technologies.

Ironically, the attack comes at a time, when governments across the world are dealing with chaos created by WikiLeaks disclosure. The attack highlights the imminent threat to information security and confidentiality of crucial documents of national interest.
Governments across the world must assess their IT security apparatus and revamp the infrastructure to secure classified documents and information.

Government bodies, intelligence agencies, scientific departments and organizations must regular conduct security evaluation tests through ethical hacking, vulnerability assessment, penetration testing and security audits to mitigate the vulnerabilities prior to their exploitation by hackers. The latest spear phishing attack demonstrates that specially-crafted and targeted e-mails can dupe even security experts and intelligence officials. As such, governments must initiate measures to create information security awareness among employees and cultivate a culture of secured IT practices.

EC-Council provides industry training and certification for information security professionals in ethical hacking among many other specializations. "Understanding how hackers exploit these vulnerabilities is a key requirement to hardening software and hardware. That is why EC-Council focuses on ethical hacking as an approach to information security evaluation" as stated by EC-Council's Senior Director, Steven Graham. EC-Council through its Certified Ethical Hacker program has trained such information security professionals from all over the world.


The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences. The global organization is headquartered in Albuquerque, New Mexico.

Press Contact

Steve Graham
6330 Riverside Plaza Ln NW
Suite 210
Albuquerque, NM 87120


Web Site:
Contact Information