Malicious Spammers Deliver Fake UPS Invoices
2008-07-17 08:20:00
Pushdo Botnet Attempts to Trick Recipients Into Downloading Malicious Components From Web, According to Marshal’s TRACE Team
ATLANTA, GA–(EMWNews – July 17, 2008) – Malicious spammers have used fake United Parcel
Service (UPS) invoices to distribute malware as part of the latest social
engineering ploy to fool unsuspecting recipients into downloading malicious
components from the Web. The new ploy, used in malicious spam emails coming
from the Pushdo botnet, claims to be from UPS and asks recipients to print
out a fictitious invoice to claim a package that could not be delivered.
According to security experts from Marshal’s TRACE Team, this latest
piece of malicious spam incorporates several elements designed to make the
message appear authentic and trick recipients into opening an attached
executable file.
“For the unwary or uninitiated, at first glance, the message appears to
come from UPS,” warned Phil Hay, lead threat analyst for Marshal’s TRACE
Team. “The subject line of the message provides a seemingly official
tracking number and the message itself seems sincere. It suggests that UPS
could not deliver a package because the delivery address you provided was
incorrect. The message asks you to print out an invoice and go to the UPS
office to collect the package. However, the purpose of the message is
malicious. If the attachment is opened, a program will be installed that
downloads more malicious components from the Web.”
The message includes a ZIP file attachment called ‘ups_invoice.zip’.
According to Marshal, the Pushdo botnet often uses ZIP archive files as
attachments to try to hide malicious executable files from automatic email
filters. The file inside the ZIP is called ‘ups_invoice.exe’ but displays a
Microsoft Word icon in an attempt to make it appear like a harmless Word
document.
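A mail filter can counter this by opening ZIP attachments and inspecting each member instead of trusting the outer file name or the icon. The sketch below is an added example, not Marshal's code or part of the original release; the function names, the extension list and the sample archives are constructed for illustration.

```python
import io
import os
import zipfile

# Extensions Windows runs on double-click (illustrative list, not exhaustive).
EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def scan_zip_attachment(data: bytes) -> list[tuple[str, str]]:
    """Return (member_name, reason) for each suspicious member of a ZIP."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "not a readable ZIP")]
    findings = []
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            if info.flag_bits & 0x1:
                # Encrypted members cannot be read without the password.
                findings.append((name, "encrypted member, cannot inspect"))
                continue
            with zf.open(info) as fh:
                head = fh.read(2)
            if head == b"MZ":
                # DOS/PE magic: executable content whatever the name says.
                findings.append((name, "PE/DOS executable header"))
            elif os.path.splitext(name)[1].lower() in EXEC_EXTS:
                findings.append((name, "executable extension"))
    return findings


def build_sample(members: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP from constructed member contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples: a stub with only the "MZ" magic, not real malware.
SAMPLE = build_sample({"ups_invoice.exe": b"MZ" + b"\x00" * 62})
RENAMED = build_sample({"ups_invoice.doc": b"MZ" + b"\x00" * 62})
BENIGN = build_sample({"invoice.txt": b"Thank you for your order."})

if __name__ == "__main__":
    for label, blob in (("sample", SAMPLE), ("renamed", RENAMED), ("benign", BENIGN)):
        print(label, scan_zip_attachment(blob))
```

Checking the leading bytes as well as the extension means a renamed executable is still flagged, and encrypted members are reported instead of being silently passed.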
“The message itself is full of mistakes and poor grammar, which gives it
away as illegitimate and malicious,” said Hay. “The subject line misspells
the word ‘packet’ and the message provides no contact address for the
supposed collection of the package. These kinds of errors should trigger
alarm bells with security conscious recipients, even if they have recently
ordered a package to be shipped by UPS.”
The Pushdo botnet (aka Cutwail) is estimated to comprise 125,000 infected
computers and distribute some 16 billion spam messages per day. According
to Marshal’s statistics, Pushdo is currently the fourth largest botnet in
terms of spam volume, accounting for 9.7 percent. Marshal’s TRACE Team
has tracked spam produced by Pushdo since late 2007.
More information and screenshots of the offending message can be found on
Marshal’s TRACE Centre website —
http://www.marshal.com/trace/traceitem.asp?article=714.
About the Marshal TRACE Team
TRACE (Threat Research and Content Engineering) is a group of Marshal
security analysts who constantly monitor and respond to Internet security
threats through the TRACE website at www.marshal.com/trace. TRACE services
are provided as part of standard product maintenance that includes updates
to Marshal’s unique, proprietary anti-spam technology, SpamCensor. TRACE
analyzes spam, phishing and Internet security trends and provides frequent
automated updates to Marshal customers. It also provides “Zero Day”
security protection against new email and virus exploits the day they
emerge.
About Marshal
Marshal is a global leader in content security across multiple protocols,
enabling organizations to secure their IT environment, protect against
threats and comply with corporate governance needs. Marshal provides
customers with a complete portfolio of policy-driven email and Internet
solutions that integrate content filtering, compliance, secure messaging
and archiving. Forty percent of the Global Fortune 500 companies use
Marshal security solutions to secure their corporate messaging networks and
Web access against internal abuse and external threats such as viruses,
spam and malicious code. More than 7 million users in over 18,000 companies
worldwide use Marshal solutions to protect their networks, employees,
business assets and corporate reputation and to comply with corporate
governance legislation requirements.
Marshal’s Americas headquarters is in Atlanta, Georgia, with corporate
headquarters in London (UK) and offices in Auckland (New Zealand), Houston
(USA), Johannesburg (South Africa), Munich (Germany), Paris (France) and
Sydney (Australia). More information is available at www.marshal.com.
Media Contact: Monica Shaw Carabiner Communications 770-367-9534 [email protected]