Fresh Wave of Fraudulent Spam Mails Identified, Reports Sophos

Security investigators at Sophos have warned of one fresh surge of bogus electronic mails, which are presently circulating online, while targeting unwitting netizens.

The e-mails, which display "United Parcel Service notification #[random number]" as their header, spoof the sender's address as if they've been sent from a @ups.com id.

Moreover, there's a picture in the message body, which imitates an officially-crafted e-mail template that has the logo of UPS as well as a footer that's patented.

States the message against the background picture, the package that has been dispatched to the residence address of the recipient the e-mail reader had intended will return in three working days. However, detail information about the parcel along with its code for tracking can be found from an attachment provided, the message adds.

Meanwhile, the attached document, USPS_Document.zip, actually carries a Trojan-installer that Sophos has detected as Troj/Agent-QGH.

Urges Senior Technology Consultant Graham Cluley at Sophos, anyone who finds this malware assault hitting his e-mail mustn't open the attachment despite that person looking forward to a package delivery. Rather he should erase the e-mail that'll keep his PC safe, he adds. Softpedia.com reported this on February 4, 2011.

Worryingly, the current fake e-mail campaign is the second one during February 2011, which Sophos is alerting regarding a bogus parcel hand over notice.

Previously, on February 1, 2011, the company alerted that scammers were dispatching spam mails that carried a malware-laden compressed attachment and displayed captions like "Post Express Service, Number of recipient's package" and "Post Express Service, Get the Parcel."

Thereafter Cluley commented that Sophos had observed spammers utilize the trick innumerable times, dispatching e-mails apparently from DHL, UPS or FedEx, attempting at making recipients open an attachment or follow a web-link. Net-security.org published this on February 1, 2011.

According to Cluley, the above e-mails merely gave a Trojan malware to the recipients, and the sole reason for cyber-crooks to persistently employ such social engineering for duping Internet-users into downloading malicious software was that it repeatedly proved effective for them.

He concluded that Sophos identified the condensed archive as Troj/BredoZp-BT, while the included malicious program as Troj/Spyeye-R.

Related article: Fark.com Files Suit against Suspected Hacker from Fox13

» SPAMfighter News - 2/12/2011