Wave of Fake UPS Emails Spread Trojan

05-02-2011, 01:36 AM
Security researchers from Sophos are seeing a wave of fake emails that masquerade as shipping notifications from UPS and carry a computer trojan as an attachment.

The emails bear a subject of "United Parcel Service notification #[random number]" and have spoofed headers to appear as originating from an @ups.com address.

The body consists of an image that mimics a professionally designed email template and contains the UPS logo and a copyright footer.

The message displayed on the image reads: "The parcel was sent to your home address. And it will arrive within 3 business days. More information and the tracking number are attached in document below."

The image technique was used in order to bypass spam filters that analyze textual content, although more complex anti-spam systems, especially cloud-based ones, will catch it without much trouble.

The attached file is called USPS_Document.zip and contains a trojan installer detected by Sophos as Troj/Agent-QGH.

"If you are one of the many people seeing this malware attack in your email this morning, please do not click on the attachment even if you are waiting for a package to be delivered.

"Instead, simply delete the email and your computer will be safe," advises Graham Cluley, senior technology consultant at Sophos.

Package delivery notifications are a common lure to trick users into opening infected email attachments and the fact that malware distributors continue to use it after so many years suggests that it is still effective enough.

Just last week we reported about emails carrying a variant of the SpyEye banking trojan that posed as failed delivery notifications from a shipping company called Post Express Service.

There are even multi-lingual campaigns adopting this theme. We previously reported about fake DHL emails distributing malware written in German and Spanish.

Wave of Fake UPS Emails Spread Trojan - Softpedia (http://news.softpedia.com/news/Wave-of-Fake-UPS-Emails-Spread-Trojan-182646.shtml)
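
The indicators described in the article above (subject pattern, claimed @ups.com sender, image-only body, USPS_Document.zip attachment) expressed as a mail-triage check. This is an added example, not part of the original post or of Sophos's detection; the sample message, its addresses and the function name `lure_indicators` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the article's description (not a captured message).
SAMPLE = """\
From: UPS <notify@ups.com>
To: user@example.org
Subject: United Parcel Service notification #48213
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: image/jpeg
Content-Transfer-Encoding: base64

/9j/4AAQSkZJRg==
--b1
Content-Type: application/zip; name="USPS_Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="USPS_Document.zip"

UEsDBAoAAAAAAA==
--b1--
"""

SUBJECT_RE = re.compile(r"^United Parcel Service notification #\d+$")

def lure_indicators(raw):
    """Return the indicators from the article that a raw message matches."""
    msg = message_from_string(raw)
    hits = []
    if SUBJECT_RE.match(msg.get("Subject", "").strip()):
        hits.append("subject-pattern")
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    attachments = [p.get_filename() for p in leaves if p.get_filename()]
    text = [p for p in leaves if p.get_content_maintype() == "text"
            and not p.get_filename() and p.get_payload(decode=True).strip()]
    images = [p for p in leaves if p.get_content_maintype() == "image"]
    if images and not text:
        hits.append("image-only-body")  # nothing for a text-based filter to score
    if any(n.lower().endswith(".zip") for n in attachments):
        hits.append("zip-attachment")
    # Sender claims ups.com but the attachment is named for USPS, a different carrier.
    if sender_domain == "ups.com" and any(n.upper().startswith("USPS") for n in attachments):
        hits.append("brand-mismatch")
    return hits
```

Since the From header is spoofed, the sender check only records what the message claims; the image-only body combined with an archive attachment is the stronger signal.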

Jelly Bean
05-02-2011, 11:18 AM
This one has been going for at least three months. I have warned people but again they still click the attachment.

Plastic Nev
07-02-2011, 11:23 PM
Unfortunately the world is full of trusting folk who fall for these. If there weren't, the scammers would have given up a long time ago.

There is also a very well put together one purporting to have come from the Halifax bank. Unfortunately I deleted mine so no copy to show how well put together it is. Anyone not in the know who does have a Halifax account would fall for it.
The only clue it isn't genuine, is that it is only addressed to my E Mail address, not me personally.
Also, though I do have a Halifax account, Halifax do not have my E Mail address.
They even cheekily said "To prove this is genuine we have included your post code", er, no they hadn't.

To say it again, banks do not send out this sort of E Mail to anyone.

08-02-2011, 07:26 PM
I seem to get a few of these "bank" emails, even from banks I don't... well, bank with!!!

09-02-2011, 01:29 AM
I've had a couple from banks I've never banked with as well.
They're a right PITA.

09-02-2011, 09:09 AM
I get banks, all that is except the one I do bank with, but that's as nothing to the messages from the F.B.I and the UN telling me that my inheritance money may now be sent. :rolleyes:

11-02-2011, 01:17 PM
Good one neill. :p

Plastic Nev
13-02-2011, 06:14 PM
My MSN junk mail box gets loads of them, plus all the stuff from so called medical suppliers. Being unmarried, I have no use for 'em.

The important thing to remember is "does the genuine organisation have my e mail address?" In the case of UPS or other postal and parcel services, quite unlikely.
They may have your real street address, but if they tried to deliver a parcel, they always put a notice through the letter box, "Did I find one on the mat?" If no and you know that you have never given out your e mail, it has got to be a scam.

13-02-2011, 06:57 PM
plus all the stuff from so called medical suppliers. Being unmarried, I have no use for 'em.
I take it you are referring to Via*** ?
This is very odd, but I never get any of those emails .... but my wife gets them all the time!!
Very odd. :confused:

13-02-2011, 07:28 PM
Tell her she must swallow them quickly or get a stiff neck :p

14-02-2011, 11:43 AM