Apparently, there can be worse things in the mail than bills. This month multiple big-name shipping vendors have had their brands exploited and used in malware distribution schemes. We have written before about the security dangers of malware, and how even seemingly “safe” web destinations can harbor significant risks. This month our words of wisdom have again been validated, but we won’t say “I told you so,” at least, not again. Email is the delivery channel in all of these malware campaigns, in which DHL, USPS and FedEx branding is being used to trick users into downloading and executing malicious files. The large number of Internet users who aren’t especially technically savvy will continue to make low-tech attacks attractive to criminals.
In the FedEx malware attack, recipients receive a letter that appears to announce the impending delivery of a package. However, the only thing that the email is actually signaling delivery of is the need for a computer virus removal service. The message, which carries the subject “FedEx notification #random number” and the text:
Dear customer. The parcel was sent your home address. And it will arrive within 7 business day. More information and the tracking number are attached in document below. Thank you. © FedEx 1995-2011
includes attachments that, when executed, attempt to download additional files and steal FTP credentials stored on the infected device.
Criminals in the DHL attack, also executed in March, used a similar technique to distribute their trojan, but apparently did not run spell-check before sending out their malware-laden spam.
In the United States Postal Service malware attack, the spam message appears to be a failed package delivery notification for express mail, with the subject “Post Express Information. Your package is available for pick up.” The message claims that an error in the shipping address caused the package to be returned to the post office, from where it can be retrieved. If users click on the attachment, they will definitely want to return the trojan and scareware that are installed.
Delivery notifications and similar techniques have been used previously in computer attacks. Users have to be aware that caution should be exercised with every link, even those that appear legitimate. How can you protect yourself? Install anti-virus and malware protection and make sure it automatically updates. Any content downloaded should be scanned with a virus scanner and malware protection should be kept current on all systems that access the Internet, including mobile devices.
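Lures like these can also be flagged before they reach an inbox. The following Python example is added here and is not from the original post; it marks mail whose subject matches the two subject lines quoted above and whose attachment, including the contents of a ZIP, has an executable-looking file name. The extension list, the ZIP handling and the sample file names are assumptions, since the post does not say what file type the attachments were.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject lines quoted in the article, generalised to regexes.
LURE_SUBJECTS = [
    re.compile(r"^FedEx notification\s*#?\s*\d+", re.I),
    re.compile(r"^Post Express Information\. Your package is available for pick ?up", re.I),
]
# Assumption: extensions treated as executable; tune for your environment.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".js", ".vbs")

def risky_names(part):
    """Return executable-looking file names in an attachment, looking inside ZIPs."""
    name = (part.get_filename() or "").lower()
    hits = [name] if name.endswith(RISKY_EXT) else []
    if name.endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                hits += [n for n in zf.namelist() if n.lower().endswith(RISKY_EXT)]
        except zipfile.BadZipFile:
            hits.append(name + " (unreadable archive)")
    return hits

def triage(raw: bytes):
    """Classify one raw message as quarantine, review or pass."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")
    lure = any(p.search(subject) for p in LURE_SUBJECTS)
    files = [h for part in msg.iter_attachments() for h in risky_names(part)]
    verdict = "quarantine" if lure and files else "review" if lure or files else "pass"
    return {"verdict": verdict, "lure_subject": lure, "risky_files": files}

def build_sample(subject, member=None):
    """Constructed test message; the ZIP member holds harmless placeholder text."""
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, "a@example.com", "b@example.com"
    m.set_content("More information is attached.")
    if member:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(member, "placeholder")
        m.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="document.zip")
    return m.as_bytes()
```

A lure subject combined with an executable-looking attachment is quarantined; either signal alone is only sent for review, because legitimate shipping notices and legitimate installers both exist.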