Friday, February 17, 2012

Spammers Modify Content in USPS Spam, Continue to Spread Malware

Heads up, everyone!

It appears that cybercriminals have switched up the body of the malicious USPS spam messages that they’ve been pumping out for the last few months.

The latest variant we received was titled “USPS Delivery failure” and did not have a spoofed USPS.com or .gov sender’s address like the other spam messages did. Instead, this bogus USPS message appeared to come from "LilianaLevielle[at]riaa.com".

In addition to the sender address change, cybercrooks opted to use fake tracking numbers in lieu of a failed delivery date.

Here’s a copy of the email:

Dear [EMAIL ADDRESS THAT ISN’T MINE],

Your item delivery tracking number 0720275 has failed. We were unable to deliver the package to the address specified. You can adjust the shipment details online by filling out the form attached to this message. Thank you.

USPS Customer Service®
1-800-ASK-USPS®
Mon-Fri — 8:00am - 8:30pm ET
Sat — 8:00am - 6:00pm ET
Sun/Holidays — Closed

Of course, there’s no “shipment details adjustment form” in the USPS report.zip file that’s attached to the email.

A scan report of the file attachment reveals that it’s housing the Gamarue.B worm, which is the same malware being spread by the parking violation spam message we wrote about yesterday.

After it infects a PC, Gamarue.B will modify registry keys to ensure it runs on Windows startup and open a backdoor to download additional malware and allow an attacker to remotely control your PC. Depending on the configuration, Gamarue.B is also known to copy itself to removable drives in order to spread the infection.

If you receive this new USPS spam email, be sure to toss it into your email’s trash folder without downloading or opening any attached files.
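
The traits described above (a USPS-themed message from a non-USPS sender, carrying a zip attachment) can be checked mechanically at a mail gateway or during triage. The following Python is an added example, not code from the original post; the list of legitimate domains, the risky-extension list, and the executable name inside the constructed sample zip are assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

LEGIT_DOMAINS = ("usps.com", "usps.gov")  # assumption: domains treated as genuine
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".js", ".vbs")  # assumption


def build_sample() -> bytes:
    """Constructed message modelled on the email quoted in the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:  # member name below is an assumption
        zf.writestr("USPS report.exe", b"harmless placeholder bytes")
    msg = EmailMessage()
    msg["From"] = "LilianaLevielle@riaa.com"
    msg["To"] = "recipient@example.org"
    msg["Subject"] = "USPS Delivery failure"
    msg.set_content("Your item delivery tracking number 0720275 has failed.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="USPS report.zip")
    return msg.as_bytes()


def triage(raw: bytes) -> list[str]:
    """Return findings for brand/sender mismatch and executables inside zips."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")).lower()
    legit = any(domain == d or domain.endswith("." + d) for d in LEGIT_DOMAINS)
    if "usps" in text and not legit:
        findings.append(f"brand-mismatch: mentions USPS, sent from {domain}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        findings.append(f"zip-attachment: {name}")
        try:  # list archive members without extracting or executing anything
            with zipfile.ZipFile(io.BytesIO(part.get_content())) as zf:
                for member in zf.namelist():
                    if member.lower().endswith(RISKY_EXT):
                        findings.append(f"executable-in-zip: {member}")
        except zipfile.BadZipFile:
            findings.append("zip-unreadable")
    return findings
```

A spoofed USPS.com sender, as used in the earlier variants, would pass the sender check, so the attachment findings should be evaluated on their own.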
