Widespread 'Undelivered Package' spam attack delivers Trojans: Sophos

by CXOtoday Staff    Feb 02, 2011

IT security and data protection firm Sophos is advising computer users to be wary following the discovery of a widespread malicious spam campaign. Cybercriminals are currently sending out spam messages, each with a malware-infected .zip file attached, under titles such as ‘Post Express Service. Get the parcel’ and ‘Post Express Service. Number of your parcel’, all followed by random serial numbers.

“We’ve seen spammers use this tactic countless times before, sending messages claiming to be from FedEx, UPS and DHL, attempting to get the recipient to click a link or open a file,” said Graham Cluley, senior technology consultant, Sophos.

The message body of the emails typically reads:

“Dear client.

Your package has been returned to the Post Express office.
The reason of the return is “Error in the delivery address”

Attached to the letter mailing label contains the details of the package delivery.
You have to print mailing label, and come in the Post Express office in order to receive the packages.

Thank you.
Post Express Support”

“Unfortunately, all you’re likely to receive is a Trojan Horse. There’s only one reason why cybercriminals keep using this type of social engineering to fool users into running malware - it’s still working for them. If you receive a message like this, don’t even open the email - delete it right away,” advised Cluley.

Sophos said it detects the ZIP file as Troj/BredoZp-BT and the enclosed malware as Troj/Spyeye-R.