g0ne Ownin

My random thoughts and experiences with stuff…

Disguised Attack Vectors??? Maybe, maybe not…

Posted by g0ne on November 7, 2008

So earlier this week, Monday to be exact, the day before the elections, CG and I got off of our train and noticed DVDs for McCain and the Rep party on every person’s car. Now just FYI, this train goes to and from DC, so most people in the parking lot probably work for some type of government. CG and I immediately thought of how good of an attack vector this might be as we noticed all kinds of people just grabbing them and getting in the car with them. How many of those people do you think actually stuck that DVD into their computer? I don’t know the answer, but I would imagine there are at least 500 parking spots, and if 10% did play the DVD you could have potentially infected 50 people!! That’s a pretty good vector if you ask me, especially under the guise of “campaign propaganda”, just create a trojan that runs with the movie and let people do the rest.

What I have described so far could be looked at from two points of view. 1. Someone wanting some shells and possibly some government shells if people took the DVD to work or used it on a computer that VPN’d to work. Good, fun, easy. 2. Democrats… if it were to get out that a DVD for the Rep party was sent out with malware!!! Wow, what a mess! Now, for the record, I did not do any forensics or testing or watching of this DVD, so this is all just my random thoughts, but as you can see the possibilities are endless! Why try to break into somebody’s front door when you can just spend a small amount of money to burn a bunch of CDs or DVDs and hope someone foolish plays it on their computer? Thanksgiving and Christmas are coming up soon, a FREE MP3 CD or DVD could hold some potential ;)

Moral of the story: Scrutinize EVERYTHING, nothing is as it seems!

2 Responses to “Disguised Attack Vectors??? Maybe, maybe not…”

  1. Bryan said

    Now just think of all those flash drives that are given away at conferences. Many of them contain “advertising” material that is pre-installed on them. As you said, “Scrutinize EVERYTHING”: never trust anyone or anything unless you know them well, even then, be careful.

  2. DK said

    We know all too well how effective leaving “road apples” can be. It’s scary how naive people are, and how easy they continually make our job. People are just way too trusting, and most people aren’t exposed to “bad guys” on a normal basis like we are. Nice post.
