Several U.S. state and local government agencies report they have received letters through regular postal mail accompanied by a CD that contains malware. U.S. cyber-security organization, Multi-State Information Sharing and Analysis Center (MS-ISAC), has issued a non-public alert to warn other U.S states for the scam.
State Archives, State Historical Societies, and a State Department of Cultural Affairs all report to have received both the letter and CD. The letter was specifically addressed them and arrived in a Chinese postmarked envelope. The envelope contained a, “confusingly worded typed letter with occasional Chinese characters.”
On the CD, there are several Microsoft Word (.doc) files that contain text in the Mandarin language. Some files contained malicious Visual Basic scripts, the MS-ISCA reports.
“This particular ruse, while crude and simplistic, preys on the curiosity of recipients who may be enticed into popping the CD into a computer”, according to security journalist Brian Krebs, who found out about the scam, on his website. It’s unknown what exactly the Visual Basic scripts do and whether anyone was so curious that the CD was actually inserted in a government computer.