11/30/2011
USPS & Royal Mail Package Delivery Emails New Feature: Trojan Malware
Antivirus vendor Sophos, via their SophosLabs "Naked Security" blog, is bringing news of a massive trojan spam campaign that ties in postal mail delivery--or lack thereof--with a trojan-bearing email. Here's the scoop:
By using a variety of clever subject lines, the spams lead people to believe they've missed a package delivery from the USPS or Royal Mail, and so the spammers trick unsuspecting people into opening their malicious trojan-containing email.
Data on this trojan is inconclusive, but right now according to Sophos:
"Contained inside the ZIP file is a Trojan horse, detected by Sophos products proactively as Mal/Bredo-Q."
Detection data is also inconclusive and industry-wide detections appear to be hit-or-miss on this with the following software detections:
Antivirus Software | Version | Detection |
---|---|---|
avast | 6.0.1289.0 | yes |
AVG | 10.0.0.1190 | yes |
BitDefender | 7.2 | yes |
ESET | 6556 | no |
F-Secure | 9.0.16440.0 | yes |
Kaspersky | 9.0.0.837 | yes |
Norton | 20111.2.0.82 | no |
McAfee | 5.400.0.1158 | yes |
Panda | 10.0.3.5 | yes |
Trend Micro | 9.500.0.1008 | no |
VIPRE | 10808 | yes |
Here are a couple of samples of these emails. (Thanks and credit to Graham Cluley of SophosLabs for these.)
...and a sample of the Royal Mail fake: