Fresh Spam Outbreak Purporting to be from UPS Identified
According to Dancho Danchev, an independent security consultant, a spam run masquerading as UPS (United Parcel Service) communication is currently circulating online to deliver malware. Ddanchev.blogpost.com reported this on March 23, 2011.
UPS is a package-delivery organization based in Sandy Springs, Georgia (USA).
Displaying the header "United Parcel Service notification," the spam mails spoof their sender address so that they seem to be sent from firstname.lastname@example.org.
The text of the e-mail tells recipients that their parcel was dispatched to the residence address given to UPS, but that it will return in seven days. The tracking code and additional details can be obtained from an attached file, it adds.
But the attached file, named UPSnotify.rar, appears slightly abnormal, since using .zip would have been more appropriate: Windows doesn't provide any native support for file names ending with .rar.
Meanwhile, the archive contains a single file named UPSnotify.exe that is actually a Trojan installer. When run, this executable downloads and runs more malicious programs on the infected PC.
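A mail gateway can catch this delivery pattern by reading the file names stored in the archive's headers instead of trusting the attachment name. The following Python is an added example, not part of the original report; it assumes RAR 4.x archives with unencrypted headers, and the sample message and archive bytes are constructed for illustration.

```python
import struct
from email import message_from_bytes
from email.message import EmailMessage

RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RISKY_EXT = (".exe", ".scr", ".pif", ".com")  # assumed block list

def rar4_names(data):
    """List file names stored in a RAR 4.x archive (headers only, nothing unpacked)."""
    names, pos = [], len(RAR4_MAGIC)
    if not data.startswith(RAR4_MAGIC):
        return names
    while pos + 7 <= len(data):
        _crc, htype, flags, hsize = struct.unpack_from("<HBHH", data, pos)
        if hsize < 7:
            break  # corrupt header: stop rather than loop forever
        add_size = 0
        if htype == 0x74 and pos + 32 <= len(data):  # file header block
            add_size, = struct.unpack_from("<I", data, pos + 7)   # packed data size
            name_len, = struct.unpack_from("<H", data, pos + 26)
            off = pos + 32 + (8 if flags & 0x100 else 0)  # skip 64-bit size fields
            raw = data[off:off + name_len].split(b"\0")[0]
            names.append(raw.decode("utf-8", "replace"))
        elif flags & 0x8000 and pos + 11 <= len(data):  # other block with data
            add_size, = struct.unpack_from("<I", data, pos + 7)
        pos += hsize + add_size
    return names

def flag_message(raw_msg):
    """Return (attachment, inner file) pairs where a RAR part holds an executable."""
    hits = []
    for part in message_from_bytes(raw_msg).walk():
        payload = part.get_payload(decode=True) or b""
        for inner in rar4_names(payload):
            if inner.lower().endswith(RISKY_EXT):
                hits.append((part.get_filename(), inner))
    return hits

def sample_rar(name):
    """Constructed archive: marker, main header, one file header; CRCs zeroed."""
    main = struct.pack("<HBHH", 0, 0x73, 0, 13) + b"\0" * 6
    raw = name.encode()
    return RAR4_MAGIC + main + struct.pack(
        "<HBHHIIBIIBBHI", 0, 0x74, 0x8000, 32 + len(raw),
        0, 0, 2, 0, 0, 29, 0x30, len(raw), 0x20) + raw

def sample_message():
    """Constructed message shaped like the spam described above."""
    msg = EmailMessage()
    msg["Subject"] = "United Parcel Service notification"
    msg.set_content("Tracking details are in the attached file.")
    msg.add_attachment(sample_rar("UPSnotify.exe"), maintype="application",
                       subtype="octet-stream", filename="UPSnotify.rar")
    return msg.as_bytes()
```

Because the check keys on the archive's magic bytes rather than the attachment's extension, a renamed .rar is still inspected.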
Remarking on the above attack, Danchev stated that it involved a bogus AV (anti-virus) program, namely Trojan.FakeAV!gen39, a backdoor called Gbot, and a W32.Pilleuz variant that was detected only occasionally. Softpedia.com reported this on March 24, 2011.
The Pilleuz variant is somewhat interesting because it communicates with hotmail.com, yahoo.com and gmail.com for no reason other than to throw researchers off its trail.
Unfortunately, this malware rarely gets detected (its detection rate is merely 32.6%).
Danchev wrote that, as anticipated, online crooks had begun to incorporate legitimate websites into their C&C communication patterns to hamper researchers' efforts to track their malicious operations. Ddanchev.blogpost.com reported this on March 23, 2011.
Ultimately, it's because of spam runs like the above that malware has spiked remarkably across the Web. PandaLabs, a security company, released statistics that lend further credence to this statement. According to those statistics, a mean of 73,000 malware sources were identified during the first trimester of 2011, mainly comprising PC Trojans. Indeed, Trojans, which account for nearly 70% of all malicious programs, continue to be the most widespread threat online.
» SPAMfighter News - 05-04-2011