So it turns out the scammers have a new weapon in their arsenal.
According to AusCERT analyst MacLeonard Starkey, Australian companies
are now being targeted by malware delivered on CD ROM. When we say
you've got malware in your inbox, it's no longer a metaphor.

It's quite ingenious, simply because it's unexpected. A CD ROM
arrives, addressed to a company staffer. They pop it in the drive and
it drops a keylogger and all sorts of nasties on to the system.

Because most organisations don't have a policy for physical media,
like CD ROMS, there's a distinct chance this practice has cleaned up
quite a few victims. What's even more disturbing are the costs
involved.

For the first time that I can think of, the bad guys are prepared to
burn malware on to disks and physically mail them to potential
victims. This costs money. And who knows where they're getting their
mailing lists from.

Either way, if you wanted concrete proof that malware is a real
business these days, look no further. Someone out there has allocated
a budget to this activity.

Maybe they've been getting some tips from Sony.

If you want to hear AusCERT's analysis of the Trojan, listen to my
latest podcast.