Did you catch this post from the Homeland Security Blogwatch? [emphasis is mine]
Some e-mails purporting to be from the Homeland Security Department’s intelligence division were fake and contained malicious software.
The e-mails actually originated from Internet addresses in Latvia and Russia, according to a three-page alert from the Homeland Security Department’s counterintelligence unit.
These fake e-mails were sent to officials in the Defense Department and to state and local officials since June. The spyware appears to be criminal, according to the alert. But counterintelligence officials “cannot discount that targeting of DHS partners and DoD personnel may be for other purposes.”
Um… Sounds like pretty standard phishing or bot-hunting stuff to me. So I’m wondering what the “other purposes” may be. Maybe the sinister other purpose is to see if someone in the DoD or state and local officials is stupid enough to open the spyware and reveal some valuable information? But wait – isn’t that exactly the purpose of all spyware? Is it the fact that the emails were purporting to be from DHS (as opposed to say a bank) or that the targeted users were DHS partners and DoD personnel (as opposed to say you or me) that makes this somehow more nefarious? Arguably it’s a higher value target. Although if the source is my bank and the target is me I have a hard time swallowing that argument. However true it may be. The sad truth is that everybody gets phished. Whether or not you get pwned is entirely up to you.
