USPS Name Abused within Craftily Created Spam Campaign
According to researchers from the security company GFI Software, spammers are using the infamous PDF malware in maliciously crafted e-mails that pose as messages sent by USPS. Softpedia.com published this on November 11, 2011.
The spam e-mail, supposedly from USPS, regretfully tells the recipient that the company could not deliver the postal parcel he had dispatched on September 19, 2011, because the delivery address did not exist. The message finally asks the reader to open an attachment in the e-mail, which apparently contains the shipment sticker, print it out, and collect the parcel from the postal service's office.
However, the attachment contains a file named USPS report.pdf that, when downloaded and run, produces malware. This malware then begins the infection by connecting to one particular IP address, which works like a step.exe executable that is in reality a FakeSysDef variant.
Eventually the malware's infection component, detected as Trojan.Win32.Generic!BT, proves destructive, since it pulls down additional malware, posts information online, or executes other instructions obtained from its controller.
As in many instances, FakeSysDef attempts to connect to certain Russian domains.
Therefore, researchers at GFI recommend that recipients of such e-mails ignore the messages, particularly if they have not conducted any transaction with the company. Those who want to confirm should contact the purported sender by phoning its office rather than replying to the e-mail. GFI Labs Blog published this on November 10, 2011.
Furthermore, with Black Friday, Cyber Weekend followed by Cyber Monday, and the vacation period about to start, and with most people everywhere shopping online, users should be prepared to receive such attacks, which could increase further during the approaching days and weeks. These kinds of attacks are not unknown, yet several people are still being victimized, so GFI experts advise Internet users to be wary.
In conclusion, cyber-criminals exploiting the USPS name in their malware scams is not new. During October 2011, e-mails that supposedly stated that USPS had failed to deliver parcels were identified as they infected users' PCs with a fresh version of the Dofoil Trojan.
» SPAMfighter News - 21-11-2011