Sophos Cautions about Package Deliverers’ E-Mails Containing Malware
Security researchers at SophosLabs report a large-scale malware campaign spreading through spam e-mails that is designed to trick unwary PC users into running a Trojan and thereby infecting their systems.
Under varying subject lines, the e-mails appear to come from FedEx, USPS and similar carriers, telling recipients that a package could not be delivered to them and that further details are in an attached ZIP archive.
While the spam targets users in both the UK and the USA, the e-mails are tailored by region: they pose as Royal Mail for British recipients and as USPS for Americans.
The fake USPS e-mail tells the recipient that his parcel has been held at his local post office since November 23, 2011 because it could not be delivered to the address provided. To collect it, he must visit his area's USPS office and present the postal label supplied in the e-mail's attachment. The message signs off with thanks from 'USPS Global Service.'
Like the USPS e-mail, the fake Royal Mail message states that a courier could not deliver the parcel because the address given was incorrect. An attached document supposedly contains details of the failed delivery; after reading it, the user is told, he may visit Royal Mail and collect the parcel. The e-mail signs off from Customer Service.
The attachment, a .zip archive, contains a Trojan that Sophos detects as Mal/Bredo-Q. When run on a Windows PC, the Trojan copies itself into the Windows system directory and modifies the registry so that it is executed automatically whenever the PC boots. The Bredo Trojan also connects to remote servers and downloads additional malware onto the compromised computer.
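The lure described above (a carrier-branded sender or subject plus a ZIP "label" that actually holds a Windows executable) is straightforward to flag at a mail gateway. The following is an added example, not code from Sophos or the article; the sample message, sender address and file names are constructed for illustration, and the "executable" inside the ZIP is harmless placeholder bytes.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Carrier brands the article says the lure impersonates, and file extensions
# a genuine "postal label" would never carry.
CARRIERS = ("usps", "royal mail", "fedex")
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")


def zip_executables(blob: bytes) -> list[str]:
    """Return the names of executable-looking members inside a ZIP blob (empty if not a ZIP)."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXTS)]
    except zipfile.BadZipFile:
        return []


def assess_message(raw: bytes) -> dict:
    """Flag a parcel-delivery lure: carrier-themed From/Subject and a ZIP attachment holding an executable."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    header_text = f"{msg.get('From', '')} {msg.get('Subject', '')}".lower()
    carrier_themed = any(c in header_text for c in CARRIERS)
    suspicious_members: list[str] = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip"):
            suspicious_members += zip_executables(part.get_payload(decode=True))
    return {
        "carrier_themed": carrier_themed,
        "executable_in_zip": suspicious_members,
        "quarantine": carrier_themed and bool(suspicious_members),
    }


def build_sample() -> bytes:
    """Constructed test message mimicking the lure; the .exe member is inert placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("USPS_label.exe", b"placeholder, not a real program")
    msg = EmailMessage()
    msg["From"] = "USPS Global Service <noreply@example.invalid>"  # constructed sender
    msg["Subject"] = "Your parcel could not be delivered"
    msg.set_content("Please print the attached postal label and visit your local office.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="label.zip")
    return bytes(msg)
```

A real deployment would also treat a carrier-themed message as suspicious on its own when the sending domain does not belong to the carrier, which this check deliberately leaves out.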
Graham Cluley, Senior Technology Consultant at Sophos, has therefore urged anyone receiving the current malware-laced e-mail not to open the attachment, however much they may be expecting a parcel, but to delete the message immediately. Naked Security published this on November 30, 2011.
SPAMfighter News - 07-12-2011