Malware Spam Uses OFAC as Bait


Posted by at 12:02 pm on June 19, 2010
Category: OFAC

Commercial computer security firm Sophos reports the recent appearance of spam emails that attempt to get the recipient to click on an Excel file attachment described as a “report of the declined deposit by OFAC.” If the attachment is opened, it delivers as its payload a variant of the Koobface malware which, once it installs itself on the victim’s computer, attempts to harvest financial and other confidential data and allows the computer to be controlled remotely as part of a botnet. The sender’s address is often spoofed and appears to be coming from the Treasury Department.

Most readers of this blog, however, would probably have had their suspicions aroused by the description of the attachment as a “report of the declined deposit by OFAC.” OFAC, of course, doesn’t decline deposits. Banks and financial institutions do. OFAC’s only role is to penalize banks that fail to decline or block deposits when required to do so by OFAC’s rules.

So now you can add malware protection to the list of the many invaluable services provided by this blog to its readers!

Copyright © 2010 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)


5 Comments:


One can understand why some folks would be misled: Everything OFAC puts out is destructive.

Comment by Hillbilly on June 22nd, 2010 @ 9:49 am

Hillbilly, I’ve admired your insightful albeit irreverent legal analyses here at the blog. You certainly bring a lot of intellectual horsepower to your legal arguments. And I don’t think we should have any sacred cows. Who knows? Maybe you’re just cracking wise and I didn’t catch the subtlety. That said, I think your remark–whatever the intention–is off the mark, even as rhetorical hyperbole. Having worked at OFAC for six years myself, I saw enough good people and good works to speak out here. I could join you in a laundry list of grievances on everything from the very efficacy of sanctions to the inscrutability of OFAC guidance (and certainly OFAC’s accessibility to the regulated public). Lots of room for genuine and at times withering criticisms. But they do a lot of good countering terrorist financing, and I worked with a lot of fine people whom you paint with that broad brush. No worries, but I felt compelled to weigh in. Peace, John

Comment by John Pisa-Relli on June 22nd, 2010 @ 12:33 pm

Mea culpa.

Comment by Hillbilly on June 22nd, 2010 @ 3:10 pm

John: You are correct that I painted with too broad a brush. I also have known some folks who are good folks but who nonetheless worked there. Their work on terrorist and embargoed country financing is good work, and displays their strength as the primary regulator of the financial industry. Part of their success in regulating the financial industry is derived from their closeness to the financial industry and the care they take to not break it. They take no such care with individuals. I have done pro bono work for a legal foundation that helps Americans of Middle Eastern and South Asian background and I have defended small businesses and individuals caught up in the embargoes, and folks at OFAC are utter trolls when it comes to dealing with the Persian American community, with whom I have no blood ties, being 12th generation hillbilly, but whom I respect for their fortitude in dealing with two hostile governments. I have seen OFAC ruin people and small businesses, trample on First Amendment rights, and generally act as bullies and tyrants. When it comes to enforcing the embargoes, there are no good words for OFAC: They abuse their power, have no respect for the rule of law, and they are beholden to constituencies other than the American people.

Comment by Hillbilly on June 22nd, 2010 @ 3:29 pm

Points taken, Hillbilly (yer pretty smart fer mountain folk…). One of my clients in private practice got a 602 because he had supposedly filed so many license applications under TSRA that he “must have been up to something”. Made it go away quickly since it was a BS move, but I’ve seen other examples of what I considered to be the heavy hand come out of the Annex, so I don’t challenge your views on that score too strongly. I myself started out humbly in the trenches handling blocked funds cases, and I was known for being a fair interpreter of the rules, always with a view to unblock that which was amenable to unblocking. And I rounded out my second tour there doing high side designations under the narcotics and WMD programs, which was a high note and put me shoulder to shoulder with some amazing people.

Sorry if I came off a bit highhanded, and I appreciate the further observations.

The good news is that what I learned in a decade serving at OFAC, BXA, and ODTC has informed my judgment as an in-house adviser, and hopefully allows me to light an occasional candle amid all the darkness-cursing. John

Comment by John Pisa-Relli on June 22nd, 2010 @ 4:19 pm