UPS trojan strikes again

By on
UPS trojan strikes again

A trojan masquerading as an email notice from UPS, the delivery service, tries to dupe users into clicking on an enclosure to download malware.

A trojan masquerading as an email notice from UPS, the delivery service, tries to dupe users into clicking on an enclosure to download malware.

"It's not a new technique for fooling people into opening a malicious attachment, but clearly the hackers still think it has some legs," wrote Graham Cluley, senior technology consultant at Sophos, in a post on his blog.

The message claims that a package could not be delivered - that is, UPS did not deliver a package because an incorrect destination address was specified.

The trojan is named TrojanSpy.ZBot.DGI (VirusBuster), Trojan-Dropper.Delf (Ikarus) or VirTool:Win32/DelfInject.gen!J (Microsoft), according to email security firm MX Lab.

The "From" address is spoofed and contains "United Postal Service tracking[at]ups[dot]com."

"The trojan hides itself inside the file Invoice_8612112.exe once you have extracted the ZIP archive Invoice_8612112.zip. Names and numbers may vary," said an advisory on the MX Lab blog.

Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?