Spam Mails Render Phony Invoices

According to Security Researchers at computer security firm McAfee, a new attack of malware-infected spam e-mails, pretending to provide a parcel-tracking invoice, has been detected, as reported by ITNews on July 28, 2008.

According to the researchers, the spam message informs the recipient that a parcel sent on July 1, 2008 was not delivered because of some unavoidable reasons. However, the user could now get it by accessing the attached file for documents that would help him to collect the parcel from local post office.

Nevertheless, as soon as the user accesses to the invoice, malware is installed. The attached .zip folder unleashes an .exe Trojan file, which subsequently releases a spyware that steals data from the user for a number of job recruiting Websites. Most of these spam mails feign to be from UPS (United Parcel Service), although the firm has also encountered instances purporting to come from the US customs office.

Meanwhile, according to McAfee, the new trick used in the spam message is coming from the Pushdo botnet. The latest piece incorporates a number of elements that make the e-mail appear genuine and fool recipients into accessing the malicious executable file.

However, according to the researchers, the spam message is full of poor grammar and spelling mistakes. The subject title wrongly spells the word 'packet' and the text gives no address of contact. These errors, therefore, clearly indicate to illegitimate and ill-intended nature of the message. They should also ring alarm bells for a security aware user, even if he has recently asked UPS to deliver a parcel.

McAfee also links to the Pushdo Trojan to another spam attack that claims to deliver the recipient a bogus voucher for a ticket reservation with an airline. Meanwhile, the McAfee Researchers think that the new spam attack will keep arriving for more days. They are therefore suggesting to users that they should neither visit any doubtful URL, nor open any suspicious or unexpected email attachment.

Moreover, according to related news on July 17, 2008, Marshal TRACE found that the Pushdo botnet comprised 125,000 zombie PCs that distributed 16 Million spam mails per day.

Related article: Spam Scam Bags a Scottish Connection

» SPAMfighter News - 8/6/2008