Botnet Sending Fake UPS Invoices
Spammers are allegedly using a botnet to distribute malware that is disguised as a United Parcel Service invoice.
The spam emails are being sent from the Pushdo botnet, reports Marshal's TRACE Team.
According to security experts from Marshal’s TRACE Team, this latest piece of malicious spam incorporates several elements designed to make the message appear authentic and trick recipients into opening an attached executable file.
“For the unwary or uninitiated, at first glance, the message appears to come from UPS,” warned Phil Hay, lead threat analyst for Marshal TRACE Team. “The subject line of the message provides a seemingly official tracking number and the message itself seems sincere. It suggests that UPS could not deliver a package because the delivery address you supplied was incorrect. The message asks you to print out an invoice and go to the UPS office to collect the package. However, the purpose of the message is malicious. If the attachment is opened, a program will be installed that downloads more malicious components from the web.”
The message includes a ZIP file attachment called ‘ups_invoice.zip’. According to Marshal, the Pushdo botnet often uses ZIP archive files as attachments to hide malicious executable files from automatic email filters. The file inside the ZIP is called ‘ups_invoice.exe’ but displays a Microsoft Word icon in an attempt to make it appear like a harmless Word document.
“The message itself is full of mistakes and poor grammar, which gives it away as illegitimate and malicious,” said Hay. “The subject line misspells the word ‘packet’ and the message provides no contact address for the supposed collection of the package. These kinds of errors should trigger alarm bells with security-conscious recipients, even if they have recently ordered a package to be shipped by UPS.”
[Malicious Spammers Deliver Fake UPS Invoices]