The Multi-State Information Sharing and Analysis Center - a government security organization - has issued a warning about a scam from China where hackers are reportedly sending CDs containing malware to state officials.

According to the release, the scheme involves the arrival of a package with a Chinese postmark that includes a message and a CD containing Word files which carry script-based malware. Presumably, the scripts will run when the user accesses them, with the end result being a compromised system.

“The MS-ISAC said preliminary analysis of the CDs indicate they contain Mandarin language Microsoft Word (.doc) files, some of which include malicious Visual Basic scripts,” wrote security researcher Brian Krebs. “So far, State Archives, State Historical Societies, and a State Department of Cultural Affairs have all received letters addressed specifically to them, the MS-ISAC says. It’s not clear if anyone at these agencies was tricked into actually inserting the CD into a government computer.”

To contact the author of this article, email mdonlon@globalspec.com