Sophos Alerts about FedEx Spam Mails Disseminating Mac Malware

According to Sophos, the security company, new spam mails similar to ones masquerading as well-known courier companies (DHL, Royal Mail of UK, or FedEx) are circulating online but with a change this time as they're being used for disseminating malware meant for Mac computers.

Sophos experts just discovered one bogus FedEx e-mail having the subject line "Pending Parcel for Jonathan." It states that the courier company wants to inform the recipient about a package that is still undelivered since last ten days and which has his name Jonathan Sedebottom as well as the package number MV-45-QA566. FedEx had sent the package to address where it had to be delivered but found no one who could take it, the message notifies.

Although a web-link given in the e-mail is supposed to take onto a site namely fedex.com.ch, in reality, it leads onto somewhere else.

Interestingly, the victim when on a mobile machine clicks that link would receive an error notification, Sophos' security experts observe.

And in case the victim utilizes any desktop browser other than Apple's Safari, he would get one zipped archive having certain Windows program, which the security company identified as Mal/VBCheMan-C apparently a member of the ZeuS/Zbot family.

However, for the victim who browses with Safari, he would get Mac malware impersonating software delivered through the zipped archive.

Initially, the malevolent zipped archive seems as an innocuous Portable Document File (PDF). But, trying to view it produces a warning by the system's OS (operating system) which says that the file named "Scanned_Copy_of_parcel" isn't an authentic file, rather software provided to the user from the Net.

Overlooking this warning followed with opening the PDF document, in reality, produces malware, which Sophos identified to be OSX/LaoShu-A capable of infecting users' computers.

A RAT (remote access Trojan), LaoShu-A seems as a data-grabbing malware more than one that tricks the machine to join certain money-making botnet.

Eventually, like every time, experts urge users for routinely making their OS, anti-virus programs and other software up-to-date for lessening infection possibilities, while eschewing following web-links or opening attachments particularly if either/both arrive via uninvited e-mails.

» SPAMfighter News - 1/28/2014