Phishing attack: Your keyloggers are in the mail

A low-tech approach to phishing has caught a New South Wales-based organisation after its employees were mailed CD-ROMs containing hidden keylogging software.
Written by Steven Deare, Contributor

While the identity of the organisation has not been revealed, the perpetrators knew their target, as the CD-ROMs were addressed to the organisation.

AusCERT (Australian Computer Emergency Response Team) spokesperson Macleonard Starkey told ITRadio.com.au that, once inserted into staff computers, the CDs started a Windows Media Player executable file. In the background, keylogging software was downloaded.

"Because most users have administrative access to their machines, even in corporate networks today, it will usually be dropped straight to the Windows system32 directory, and start up from there. This is a very low-tech scam but it's also a very good one," Starkey said.

He declined to reveal the name of the affected organisation or its industry.

"It's quite likely that this could be carried out by someone who attended a conference and sent some information that relates to someone else," Starkey told ZDNet Australia in a phone interview this morning.

The organisation became aware of the problem after its antivirus software detected the data being sent. It then informed AusCERT, which is still examining the malware.

Starkey could not say whether much data was compromised. The scam was a good one as few organisations had control measures in place to guard against this type of attack, he added.

"I don't know of any organisations other than that of Defence that have policies to deal with attacks like this."

AusCERT has seen this type of attack before, but for every one that occurs, "there's probably 20 we don't hear about", he said.

Starkey did not say whether police were investigating the incident.
