The messages tell the user that a package sent on July 1 could not be delivered and that the user should open the attacked file and collect the package from a local post office.
When the user loads the supposed invoice, however, the malware attack is launched. The attached .zip archive unloads a .exe trojan file, which then unpacks a spyware program designed to steal user data for several job recruiting sites.
The majority of the spam messages have attempted to impersonate UPS, though the company has also found examples purporting to be from the US customs service.
McAfee has tied the same trojan to another attack which targets the user with a fraudulent receipt for an airplane reservation.
The company believes that the spam run will continue for several more days and is advising users to avoid visiting any suspicious URLs and not to launch any unexpected or suspicious email attachments.
_(36).jpg&h=140&w=231&c=1&s=0)
_(33).jpg&h=140&w=231&c=1&s=0)
_(37).jpg&h=140&w=231&c=1&s=0)
Cyber Resilience Summit
iTnews Executive Retreat - Security Leaders Edition
Huntress + Eftsure Virtual Event -Fighting A New Frontier of Cyber-Fraud: How Leaders Can Work Together
iTnews Cloud Covered Breakfast Summit
Live & Hands On Demo: Navigating the BMC AMI DevX Platform to Understand Code Faster Using AI
.jpg&h=271&w=480&c=1&s=1)
_(1).jpg&h=140&w=231&c=1&s=0)
