Widespread "undelivered package" spam attack delivers Trojans, Sophos warns
February 2011 by Sophos
Sophos is advising computer users to be wary, following the discovery of a widespread malicious spam campaign. Cybercriminals are currently sending out the spam messages – which carry a malware-infected .zip attachment – with subject lines such as ‘Post Express Service. Get the parcel’ and ‘Post Express Service. Number of your parcel’, all followed by random serial numbers.
The message body of the emails typically reads:
Your package has been returned to the Post Express office. The reason of the return is "Error in the delivery address"
Attached to the letter mailing label contains the details of the package delivery. You have to print mailing label, and come in the Post Express office in order to receive the packages.
Thank you. Post Express Support
“We’ve seen spammers use this tactic countless times before, sending messages claiming to be from FedEx, UPS and DHL, attempting to get the recipient to click a link or open a file,” said Graham Cluley, senior technology consultant at Sophos. “Unfortunately, all you’re likely to receive is a Trojan Horse. There’s only one reason why cybercriminals keep using this type of social engineering to fool users into running malware – it’s still working for them. If you receive a message like this, don’t even open the email – delete it right away.”
Sophos detects the ZIP file as Troj/BredoZp-BT and the enclosed malware as Troj/Spyeye-R.