UPS Spam Emerges Again
According to internet security researchers and analysts, the most current tactic used by malware writers to transmit their malicious software is using unwanted junk e-mails after associating them to parcel delivery company UPS, as reported by cnet news on October 30, 2008.
Security experts said that the most recent malware spreading e-mail has a ZIP file attached in the form of a pictorial message. And as per the text message, the sender first apologizes to the recipient for not being able to deliver the parcel as the postal address was incorrect. The text further says that the postal address was sent by the e-mail recipient on October 19, 2008. The message then says that the recipient could have a copy of the invoice by taking a print out of the attachment provided and then use it to collect the parcel in ten days time otherwise a penalty charge of $6 per day would be imposed on him or her.
Meanwhile, with a ZIP file attached to the fake e-mail, security analysts say that such files are used as a container to send malicious code. And to escape suspicion, a number is given to the ZIP file that also helps it to bypass anti-virus applications. Furthermore, two different file numbers were given to the ZIP files attached to two different messages sent by the malware authors.
While describing his experience on getting one such malicious e-mail, one recipient stated that the ZIP file contained one executable called UPSInvoice_997612.exe. And as the recipient uploaded that executable on his computer's anti-virus system, four of the 36 anti-virus solutions recognized the ZIP file as infected with malware.
With this instance, security experts stated that Windows users must not open a .exe file coming as an e-mail attachment.
Meanwhile, malware authors' exploitation of the name of UPS to distribute malware is not new. In July 2008, Panda Security warned people about a number of messages pretending to come from UPS and aimed to install a malicious Trojan on the victims' system after attaching it with e-mail.
Related article: UBS Employee Faces Sentence For Planting ‘Logic Bomb’
» SPAMfighter News - 14-11-2008