Government agencies in both the US and overseas suffered stolen documents and passwords after staff fell for for a bogus Christmas greeting from the Whitehouse that contained malware.

An email sent out on 23 December to an unknown number of recepients, apparently addressed from the Executive Office of the US President, actually directed recipients to a link containing a variant of the ZeuS trojan. Once downloaded, it harvested documents and log-in credentials that were then uploaded to a server in Eastern Europe.

The attack was documented on the blog of Brian Krebs, a former Washington Post reporter turned computer security analyst. He claims that more than 2Gb of documents were collected from a number of victims, which included staff working at both US and international government organisations.

"The attack appears to be the latest salvo from ZeuS malware gangs whose activities over the past year have blurred the boundaries between online financial crime and espionage, by stealing both financial data and documents from victim machines," he wrote.

According to Krebs, federal officials who were duped by the message included an intelligence analyst at Massachusetts State Police, an employee at the National Science Foundation’s Office of Cyber Infrastructure, and an official working for the Moroccan government.

The attack bares some resemblance to last year’s Kneber botnet, which also used the ZeuS malware. When discovered by security vendor NetWitness in February 2010, Kneber consisted of approximately 74,000 infected PCs collecting data and login credentials from more than 2,500 organisations.