11/30/2011

USPS & Royal Mail Package Delivery Emails New Feature: Trojan Malware



Antivirus vendor Sophos, via its SophosLabs "Naked Security" blog, is reporting a massive trojan spam campaign that ties postal package delivery--or rather the lack of it--to a trojan-bearing email. Here's the scoop:

Using a variety of clever subject lines, the spam messages lead recipients to believe they've missed a package delivery from the USPS or Royal Mail, and so the spammers trick unsuspecting people into opening the malicious, trojan-carrying attachment.

Details on this trojan are still thin, but right now, according to Sophos:
Contained inside the ZIP file is a Trojan horse, detected by Sophos products proactively as Mal/Bredo-Q.
Detection is also uneven: industry-wide coverage appears to be hit-or-miss on this sample, and several of the products checked at the time of writing still missed it. Results by product (version tested and whether it detected the sample):

Antivirus Software   Version          Detection
avast                6.0.1289.0       yes
AVG                  10.0.0.1190      yes
BitDefender          7.2              yes
ESET                 6556             no
F-Secure             9.0.16440.0      yes
Kaspersky            9.0.0.837        yes
Norton               20111.2.0.82     no
McAfee               5.400.0.1158     yes
Panda                10.0.3.5         yes
Trend Micro          9.500.0.1008     no
VIPRE                10808            yes
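Because signature detection of a fresh sample is this patchy, a mail gateway or triage script is better off flagging the shape of the lure itself: a delivery-themed subject plus a ZIP attachment that holds an executable. The script below is an added example written for this page, not code from the original post or from Sophos; the subject-line regex, the executable extensions, the file names and the message bodies are all constructed for illustration, and the Mal/Bredo-Q sample itself is not reproduced.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Words used by the missed-delivery lure (assumed, illustrative; not a vendor signature).
LURE_SUBJECT_RE = re.compile(
    r"\b(usps|royal\s*mail|parcel|package|delivery|postal)\b", re.IGNORECASE)
# Extensions Windows will execute from a double-clicked archive entry (assumed list).
EXECUTABLE_EXT_RE = re.compile(r"\.(exe|scr|com|pif|bat|cmd|js|vbs)$", re.IGNORECASE)
MZ_MAGIC = b"MZ"  # DOS/PE header; catches renamed executables


def build_constructed_zip(inner_name: str, payload: bytes) -> bytes:
    """Build a small ZIP in memory (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(inner_name, payload)
    return buf.getvalue()


def build_constructed_lure(zip_bytes: bytes, subject: str = "USPS Delivery Failure Notification") -> bytes:
    """Construct a message shaped like the campaign's lure (constructed, not a real sample)."""
    msg = EmailMessage()
    msg["From"] = "USPS Delivery Service <noreply@example.invalid>"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Your package could not be delivered. Print the attached label "
                    "and collect the parcel at your nearest post office.")
    msg.add_attachment(zip_bytes, maintype="application", subtype="zip",
                       filename="USPS_Label.zip")
    return msg.as_bytes()


def inspect_zip(data: bytes) -> list:
    """List reasons a ZIP attachment looks like a dropper: executable names or MZ headers inside."""
    reasons = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if EXECUTABLE_EXT_RE.search(info.filename):
                    reasons.append(f"executable extension inside archive: {info.filename}")
                with zf.open(info) as fh:
                    head = fh.read(len(MZ_MAGIC))
                if head == MZ_MAGIC:
                    reasons.append(f"PE (MZ) header inside archive: {info.filename}")
    except zipfile.BadZipFile:
        reasons.append("attachment claims to be ZIP but is not a valid archive")
    return reasons


def triage_message(raw: bytes) -> dict:
    """Combine the lure subject with ZIP contents into a verdict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = msg["Subject"] or ""
    lure = bool(LURE_SUBJECT_RE.search(subject))
    zip_findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip") or part.get_content_type() == "application/zip":
            zip_findings.extend(inspect_zip(part.get_payload(decode=True)))
    if lure and zip_findings:
        verdict = "quarantine"          # delivery lure + executable in ZIP: the campaign's shape
    elif lure or zip_findings:
        verdict = "review"              # one signal alone is only suspicious
    else:
        verdict = "pass"
    return {"subject": subject, "lure_subject": lure,
            "zip_findings": zip_findings, "verdict": verdict}


if __name__ == "__main__":
    dropper = build_constructed_zip("USPS_Label.exe", MZ_MAGIC + b"\x90\x00" + b"\x00" * 60)
    print(triage_message(build_constructed_lure(dropper)))
    benign = build_constructed_zip("label.pdf", b"%PDF-1.4 constructed")
    print(triage_message(build_constructed_lure(benign)))
```

The MZ check matters more than the extension check: a dropper renamed to `label.pdf.exe` is caught by the extension regex, but one shipped as `label.pdf` with a real PE inside would only be caught by the header. Neither replaces the AV scan in the table above; the point is that the lure pattern is stable even while signature coverage is catching up.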


Here are a couple of samples of these emails. (Thanks and credit to Graham Cluley of SophosLabs for these.)

Here's a sample of the USPS fake:

[screenshot of the USPS fake]

...and a sample of the Royal Mail fake:

[screenshot of the Royal Mail fake]

If you've gotten one of these, please contact us. Oh, and don't open it--or the attachment.