Remember, the official OpenBSD CDs carry signatures, too.

https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf

| The attacks that use physical media (CD-ROMs) are particularly
| interesting because they indicate the use of a technique known as
| "interdiction", where the attackers intercept shipped goods and
| replace them with Trojanized versions.
| 
| One such incident involved targeting participants at a scientific
| conference in Houston. Upon returning home, some of the participants
| received by mail a copy of the conference proceedings, together
| with a slideshow including various conference materials. The
| [compromised ?] CD-ROM used "autorun.inf" to execute an installer
| that began by attempting to escalate privileges using two known
| EQUATION group exploits. Next, it attempted to run the group's
| DOUBLEFANTASY implant and install it onto the victim's machine. The
| exact method by which these CDs were interdicted is unknown. We do
| not believe the conference organizers did this on purpose. At the
| same time, the super-rare DOUBLEFANTASY malware, together with its
| installer with two zero-day exploits, don't end up on a CD by
| accident.
| 
| Another example is a Trojanized Oracle installation CD that contains
| an EQUATIONLASER Trojan dropper alongside the Oracle installer.

(Page 15.)

-- 
Christian "naddy" Weisgerber                          na...@mips.inka.de
