Phony UPS Emails Used as Bait to Spread Agent.JEN Trojan

    GLENDALE, Calif., July 15 /EMWNews/ -- PandaLabs, Panda Security's

malware analysis and detection laboratory, has detected the appearance of a

series of emails used to spread the Agent.JEN Trojan.



    These messages, with subjects like "UPS packet N3621583925", purport to

come from the package delivery company UPS. The message body informs the

recipient that it was impossible to deliver their postal package and

advises them to print out a copy of the attached invoice copy.



    The invoice is included in an attached ".zip" file that contains an

executable file disguised as a Microsoft Word document with names like

"UPS_invoice". However, if the targeted user runs the file, they will be

introducing a copy of the Trojan into their computer.



    The malicious code copies itself to the system, replacing the

Userinit.exe file in the Windows operating system. This file runs the

Internet Explorer browser, the system interface and other essential

processes. For the computer to continue working properly and in order to

avoid raising suspicion of the infection, the Trojan copies the system file

to another location under the name userini.exe.



    "All of this effort not to be noticed is in consonance with the current

malware dynamic," said Luis Corrons, Technical Director of PandaLabs.

"Cyber-crooks are no longer interested in fame or notoriety; they are out

to get financial returns as silently as possible."



    Finally, Agent.JEN connects to a Russian domain (already used by other

banker Trojans) and uses it to send a request to a German domain to

download a rootkit and an adware detected by PandaLabs as Rootkit/Agent.JEP

and Adware/AntivirusXP2008. This increases the risk of infection even more.



    "We had seen cyber-crooks use erotic pictures, Christmas or romantic

cards, and fake movie trailers as bait to make users run infected files,"

explains Corrons. "However, it is not usual to see baits like this one.

This clearly indicates that cyber-crooks are trying to use baits that do

not raise suspicion to spread their creations."



    More information is available in the PandaLabs blog:

(http://pandalabs.pandasecurity.com/archive/Fake-UPS-Invoice-Email.aspx)

    About PandaLabs



    Since 1990, its mission has been to detect and eliminate new threats as

rapidly as possible to offer our clients maximum security. To do so,

PandaLabs has an innovative automated system that analyzes and classifies

thousands of new samples a day and returns automatic verdicts (malware or

goodware). This system is the basis of collective intelligence, Panda

Security's new security model which can even detect malware that has evaded

other security solutions.



    Currently, 94% of malware detected by PandaLabs is analyzed through

this system of collective intelligence. This is complemented through the

work of several teams, each specialized in a specific type of malware

(viruses, worms, Trojans, spyware, phishing, spam, etc.), work 24/7 to

provide global coverage. This translates into more secure, simpler and more

resource-friendly solutions for clients.



    More information is available in the PandaLabs blog:

http://www.pandalabs.com



    About Panda Security



    Panda Security is one of the world's leading IT security providers,

with millions of clients around the globe and products available in over

twenty languages. Our mission is to keep our customers' information and IT

assets safe from security threats, giving them the most effective

protection with the minimum resource consumption.



    Every day, thousands of new malicious codes are created. To combat this

threat, Panda Security has developed an innovative and unique security

model which can automatically analyze and classify thousands of new malware

samples. This model is collective intelligence and ensures that Panda

Security solutions can protect against far more threats than the products

of any other company. The exceptional detection capacity of collective

intelligence can be put to the test at the Infected or Not website

(http://www.infectedornot.com)



    For more information and evaluation versions of all Panda Security

solutions, visit our website at: http://www.pandasecurity.com/