USPS Targeted in E-mail Borne Malware
According to security experts, cyber crooks are once again impersonating United States Postal Service (USPS) so they may install malware onto unwitting end-users' computers, published hyphenet.com in news on August 20, 2013.
Displaying a subject line "Postal label contains detailed information," the USPS related bulk e-mail campaign, following the standard way, informs the recipient about a problem that occurred in handing over a package so he should take down a given attachment containing a file (here named Label_Parcel_ID2564US.zip), which apparently provides the shipping code, necessary for correcting the issue.
Now, if this attached file is pulled down and viewed, it will simply infect the user's PC with malware, which can't be traced, while security company Kaspersky recognizes it as Trojan-Dropper.Win32.Dapato.bcbf.
Alarmingly, just 7 out of 42 antivirus engines from VirusTotal could detect this elusive Trojan, as per Virus Total's scan report.
A minimum of one spam mail sample wrongly spells "couldn't" as 'couldnt' in connection with the message of non-delivery of parcel.
Talking more about the spam run, Postal Inspection Service Spokeswoman Julie Kenney stated that the logo showed the message was a USPS communication, however, said it was a scam. Such she had not seen earlier and that it was quite new, according to her. Chicago.cbslocal.com published this in news on August 26, 2013.
However, for remaining safe from the above spam attack, Internauts are advised that they should just remove the unsolicited e-mail from their inbox and do nothing more with it.
Postal Inspectors further informed that their department was making all efforts towards settling the problem as also disabling the malware.
Anybody wanting to ask regarding a delivery else wanting to report a junk e-mail scam may call 1-800-ASK-UPS else write to firstname.lastname@example.org.
In the meantime, other courier agencies like United Parcel Service too have been targeted with spam runs in recent years. During June 2011, bogus UPS delivery messages were intercepted when Sophos another security company identified them as spreading scareware. The fake e-mails showed a header like "United Parcel Service notification #90294" while spoofed their id so it seemed as one being sent from @ups.com.
» SPAMfighter News - 02-09-2013