The SANS Internet Storm Center says it was notified by a representative from Microsolved that the mailing was part of an authorized pen test. The alleged scam is elegant in its simplicity. The letter is a fake fraud alert from the NCUA, instructing recipients to review the training materials contained on the CDs. Of course, the CDs are loaded with malware rather than training programs. The thieves are targeting credit unions, which tend to be smaller, community-based institutions, rather than larger, more sophisticated banks.
Source: https://threatpost.com/malware-infected-cd-mailing-was-part-pen-test-082709/72940/