By Dancho Danchev
Continuing their well proven social engineering tactic of impersonating the market leading courier services, cybercriminals are currently mass mailing tens of thousands of emails impersonating UPS, in an attempt to trick users into clicking on the malicious links found in the legitimate-looking emails.
Once they click on the links, they’re automatically exposed to the client-side exploits served by the Black Hole Exploit kit.
More details:
By Dancho Danchev
Over the past 24 hours, cybercriminals launched yet another massive spam campaign, impersonating the United Parcel Service (UPS), in an attempt to trick its current and prospective customers into downloading and executing the malicious attachment found in the email. Upon execution, the malware opens a backdoor on the infected host, allowing the cybercriminals behind the campaign to gain complete control over the victim’s host.
More details:
By Dancho Danchev
Over the past 24 hours, cybercriminals spamvertised millions of email addresses, impersonating UPS, in an attempt to trick end users into viewing the malicious .html attachment. Upon viewing, the file loads a tiny iFrame attempting to serve client-side exploit served by the latest version of the Black Hole Exploit kit, which ultimately drops malware on the affected host.
More details:
By Dancho Danchev
Over the past 24 hours, cybercriminals started spamvertising millions of emails impersonating the United Parcel Service (UPS) in an attempt to trick end and corporate users into previewing a malicious .html attachment. Upon previewing it, a tiny iFrame attempts to contact a client-side exploits serving a landing URL, courtesy of the Black Hole web malware exploitation kit.
More details:
By Dancho Danchev
Cybercriminals are currently mass mailing millions of emails impersonating the United Parcel Service (UPS) in an attempt to trick users into downloading and executing the malicious file hosted on a compromised web site.
More details:
By Dancho Danchev
In an attempt to aggregate as much traffic as possible, cybercriminals systematically abuse popular brands and online services. Next to periodically rotating the brands, they also produce professional looking email templates, in an attempt to successfully brand-jack these companies, and trick their customers into interacting with the malicious emails.
Today’s highlight is on a currently spamvertised client-side exploits and malware serving campaign impersonating UPS (United Parcel Service). Once users click on the links found in the malicious email, they’re automatically redirected to a Black Hole exploit kit landing page serving client-side exploits, and ultimately dropping malware on the exploited hosts.
More details:
By Dancho Danchev
Cybercriminals are currently spamvertising millions of emails impersonating United Parcel Service (UPS) in an attempt to trick end and corporate users into clicking on exploits and malware serving links found in the malicious emails. What exploits are they using? How widespread is the campaign? Is it an isolated incident, or is the campaign linked to more malicious activity?
More details:
By Dancho Danchev
Think you received a package? Think again. Cybercriminals are currently spamvertising millions of emails impersonating UPS (United Parcel Service) in an attempt to trick users into downloading the viewing the malicious .html attachment.
More details:
By Andrew Brandt
After a prolonged absence, waves of Trojans distributed as Zipped email attachments have been showing up in our spam traps for a few weeks. The spam messages employ the same hackneyed shipping confirmation pretext as many previous iterations of this scam. This technique’s emergence as a common malware distribution method correlates with the emergence of Trojan-Downloader-Tacticlol.
The messages claim to come from various express shippers, including DHL, UPS, and FedEx, as well as one that may have originated in a malware guy’s imagination: Post Express. And even though the distribution method mimics those used by Tacticlol, the payloads haven’t been limited to that Trojan. This time around, the files belong to a wider variety of malware, including not only several new variants of Tacticlol but also Trojan-Downloader-Karagany, Trojan-Relayer-Highport, and SpyEye.
The Trojans’ icons look like Office documents or Acrobat PDFs, which serve to further convince victims that the file isn’t dangerous. The email attachments — Zip files with names such as tracking.zip, Post_Express_Label.zip or DHL_tracking.zip — aren’t dangerous unless you open the attachment, extract the Trojan, and execute it. But once you do, you’re in for a world of trouble.
By Andrew Brandt
The Tacticlol downloader, responsible for a lot of infections over the past year, propagates in two ways: via drive-by downloads, and as a .zip archive attached to messages. Maybe the spam filtering companies finally caught on to the trick, or maybe the Tacticlol distributors are just trying to mix it up, but the latest sample to come over the transom has me scratching my head.
Like most others, this sample came attached to an email made to look like a message that UPS would never send. Once again, the message tries to convince the recipient that the attached file is a shipping label the recipient needs to open and print before he or she can “receive the parcel.” And, as always, the attachment contains an executable installer for the Trojan.
Dear customer Your parcel has arrived at the post office on October 9. Our Driver was unable to deliver the parcel to your address. To receive a parcel you must go to the nearest UPS office and show your mailing label. Mailing label is attached to this letter. You need to print mailing label, and show it in UPS office to receive the parcel. Thank you for your attention. UPS International Services.
But this time, instead of sending a .zip archive with a .zip extension, they sent a message with a .zip archive that has a .jpg extension. And, yeah, that just doesn’t work.
The file isn’t a JPEG image file. If you try to open it in a browser or an image editor, the editor simply errors out and tells you it isn’t an image file, and the story ends right there. I’m sure some Russian malware distributor has been double-facepalming over the waste of a perfectly good scam. Social engineering: You’re doing it wrong.
