Once Again Internauts Targeted by UPS-Themed Spam Email Campaigns
Softpedia.com reported on 6th November, 2013, quoting Bart Blaze, technician and malware researcher at Panda Security, that "United Parcel Service (UPS) themed spam emails designed to distribute malware resurfaced once again recently".
The malicious emails are entitled "UPS Delivery Notification Tracking Number: (random number)" and read: "package delivery confirmation invoice XCBMXDI508XCBMXDI866. Thank you, United Parcel Service".
According to Blaze, there are two mechanisms of malware delivery in this email: a link and an attached file.
Recipients end up with the same malicious file whether they click on the link or download the attachment.
The file appears to be a harmless Microsoft Office document, but it is actually a maliciously crafted .rtf file designed to exploit a couple of vulnerabilities in Microsoft Office (CVE-2012-0158 and CVE-2010-3333).
When the file is executed, Word crashes, some processes are created and another component is dropped onto the infected system. The threat creates registry entries and injects itself into the explorer.exe process to remain persistent.
Bartblaze.blogspot.ro published a report on 5th November, 2013, quoting Blaze as saying "Once it infects a device, the malware contacts various domains. The reason for these domain names is probably to fool network administrators who are taking a peek at the packets passing through their appliance".
What steps can one take to protect oneself from this threat? First, keep Windows and Office up to date (the exploits employed are generally old and already patched); second, use security software. More technically savvy Internauts can further improve the security of their Office files by disabling macros and ActiveX and blocking external content, and network administrators can block Internet Protocol (IP) addresses tied to malicious campaigns.
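As an added example (not from Blaze's report or the articles quoted here), the following Python sketch shows a gateway-style triage check for the disguise described above: an attachment whose extension claims a Word document but whose bytes are RTF, plus RTF control words for embedded objects and the pFragments shape property. The function names, finding labels and sample bytes are constructed for illustration; a hit is a reason to quarantine and inspect the file, not proof of an exploit.

```python
import os
import re

# Container signatures. The RTF prefix is deliberately loose so that
# shortened variants of the "{\rtf1" header are still recognised.
RTF_PREFIX = b"{\\rt"
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy .doc/.xls
ZIP_MAGIC = b"PK\x03\x04"                        # .docx/.xlsx
EXPECTED = {".rtf": "rtf", ".doc": "ole2", ".xls": "ole2",
            ".docx": "ooxml-zip", ".xlsx": "ooxml-zip"}

# RTF control words worth a closer look in an unsolicited attachment.
INDICATORS = {
    # Embedded OLE/ActiveX object (the delivery route for CVE-2012-0158).
    "embedded-object": re.compile(rb"\\obj(?:ocx|emb|data)(?![a-z])", re.I),
    # Shape property involved in CVE-2010-3333.
    "pFragments-shape-property": re.compile(rb"\\sn\s*pFragments", re.I),
}

def real_type(data: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name."""
    head = data.lstrip()[:8]
    if head.startswith(RTF_PREFIX):
        return "rtf"
    if head.startswith(OLE2_MAGIC):
        return "ole2"
    if head.startswith(ZIP_MAGIC):
        return "ooxml-zip"
    return "unknown"

def triage(filename: str, data: bytes) -> list[str]:
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    kind = real_type(data)
    ext = os.path.splitext(filename.lower())[1]
    if ext in EXPECTED and EXPECTED[ext] != kind:
        findings.append(f"type-mismatch:{ext}->{kind}")
    if kind == "rtf":
        findings += [name for name, rx in INDICATORS.items() if rx.search(data)]
    return findings

# Constructed, harmless samples: control words only, no payload.
BENIGN_RTF = b"{\\rtf1\\ansi Hello}"
DISGUISED = b"{\\rtf1{\\object\\objocx{\\*\\objdata 00ff}}}"
SHAPE = b"{\\rtf1{\\shp{\\sp{\\sn pFragments}{\\sv 1;1;00}}}}"

if __name__ == "__main__":
    for name, blob in [("invoice.rtf", BENIGN_RTF), ("invoice.doc", DISGUISED),
                       ("invoice.doc", SHAPE)]:
        print(name, triage(name, blob))
```

Obfuscated RTF can split or pad control words, so a dedicated RTF object parser should back up this kind of pattern check.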
HELP NET SECURITY published a comment from Blaze on 6th November, 2013: "Although spammers and authors of malware have attempted the method of attaching a tainted file or reposting a link contained in the email, I have not seen them doing that very much. It's clear that they're proof-testing their potentials by using these exploits. There is no definite way of knowing how many Internauts have fallen or will fall for this operation and how many emails were sent out".
» SPAMfighter News - 12-11-2013