redsoxh8r writes "Online criminals have taken to a decidedly low-tech method for distributing the latest batch of targeted malware: mailing infected CDs to credit unions. The discs have been showing up at credit unions around the country recently, a throwback to the days when viruses and Trojans were distributed via floppy disk. The scam is elegant in its simplicity. The potential thieves are mailing letters that purport to come from the National Credit Union Administration, the federal agency that charters and insures credit unions, and including two CDs in the package. The letter is a fake fraud alert from the NCUA, instructing recipients to review the training materials contained on the discs. However, the CDs are loaded with malware rather than training programs."
According to the linked article, the infected CDs were (or at least may have been) part of a penetration test, rather than an actual attack.