Wave Of Fake UPS Emails Spread Trojan

Discussion in 'Security Updates' started by starbuck, Feb 4, 2011.

  1. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Security researchers from Sophos are seeing a wave of fake emails that masquerade as shipping notifications from UPS and carry a computer trojan as an attachment.

    The emails bear a subject of "United Parcel Service notification #[random number]" and have spoofed headers to appear as originating from an @ups.com address.

    The body consists of an image that mimics a professionally designed email template and contains the UPS logo and a copyright footer.

    The message displayed on the image reads: "The parcel was sent to your home address. And it will arrive within 3 business days. More information and the tracking number are attached in document below."

    The image technique was used in order to bypass spam filters that analyze textual content, although more complex anti-spam systems, especially cloud-based ones, will catch it without much trouble.

    The attached file is called USPS_Document.zip and contains a trojan installer detected by Sophos as Troj/Agent-QGH.

    "If you are one of the many people seeing this malware attack in your email this morning, please do not click on the attachment even if you are waiting for a package to be delivered.

    "Instead, simply delete the email and your computer will be safe," advises Graham Cluley, senior technology consultant at Sophos.

    Package delivery notifications are a common lure to trick users into opening infected email attachments and the fact that malware distributors continue to use it after so many years suggests that it is still effective enough.

    Just last week we reported about emails carrying a variant of the SpyEye banking trojan that posed as failed delivery notifications from a shipping company called Post Express Service.

    There are even multi-lingual campaigns adopting this theme. We previously reported about fake DHL emails distributing malware written in German and Spanish.


    Source:
    http://news.softpedia.com/news/Wave-of-Fake-UPS-Emails-Spread-Trojan-182646.shtml
     
    Last edited by a moderator: Feb 4, 2014
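
The traits the article lists (subject pattern, spoofed @ups.com sender, image-only body, zipped attachment) can be checked mechanically at a mail gateway. The following Python code is an added example, not part of the original post or of Sophos's detection; the sample message, the `triage` function, the 20-character text threshold and the reliance on a trusted `Authentication-Results` header are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

SUBJECT_RE = re.compile(r"United Parcel Service notification #\d+", re.I)

# Constructed sample message (not a captured email); headers and parts are illustrative.
SAMPLE = """\
From: UPS <info@ups.com>
To: user@example.org
Subject: United Parcel Service notification #48213
Authentication-Results: mx.example.org; spf=fail; dmarc=fail header.from=ups.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: image/jpeg; name="notice.jpg"
Content-Transfer-Encoding: base64

/9j/4AAQ
--b1
Content-Type: application/zip; name="USPS_Document.zip"
Content-Disposition: attachment; filename="USPS_Document.zip"
Content-Transfer-Encoding: base64

UEsDBAo=
--b1--
"""

def triage(raw):
    """Return the lure traits described in the article that this message shows."""
    msg = message_from_string(raw)
    hits = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        hits.append("subject-pattern")
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Assumption: our own MTA stamps this header and strips any inbound copies.
    auth = msg.get("Authentication-Results", "").lower()
    if from_domain == "ups.com" and "dmarc=pass" not in auth:
        hits.append("unauthenticated-ups-sender")
    parts = [p for p in msg.walk() if not p.is_multipart()]
    text = "".join(p.get_payload(decode=True).decode(errors="replace")
                   for p in parts if p.get_content_maintype() == "text")
    # Assumed threshold: under 20 characters of text counts as an image-only body.
    if any(p.get_content_maintype() == "image" for p in parts) and len(text.strip()) < 20:
        hits.append("image-only-body")
    if any((p.get_filename() or "").lower().endswith(".zip") for p in parts):
        hits.append("zip-attachment")
    return hits
```

No single trait is conclusive on its own; a gateway would typically quarantine on a combination, such as an unauthenticated sender together with an archive attachment.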
  2. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    Joined:
    Apr 20, 2009
    Messages:
    7,201
    Location:
    New Jersey "Stronger than the Storm"
    Operating System:
    Windows 7
    I actually think we have a thread on this a while back. They also use a FedEx and DHS spoof.
     
  3. starbuck

    starbuck Rest In Peace Pete Administrator

    Yes that's right.
    This UPS email is currently doing the rounds, so thought it worthwhile to refresh things.
     
  4. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    No doubt about it. The thread I referred to is lost in the depths somewhere. :)
     