Trojan disguised as UPS delivery note

By on

A series of messages purporting to come from UPS, the world's largest shipping carrier, may in fact harbor the Agent.JEN trojan.

Panda Security is warning email recipients that a series of messages purporting to come from UPS, the world's largest shipping carrier, may in fact harbor the Agent.JEN trojan.

Panda, an anti-virus provider, said the suspicious emails have subject lines such as “UPS packet N3621583925.” The messages claim that it was not possible to deliver a package and advise recipients to print out a copy of an attached invoice.

The “invoice” is a zip file that contains an executable file disguised as a Microsoft Word document – it's typically named “UPS_invoice” or something similar. By running the file, the user unwittingly introduces a copy of the trojan into their computer.

Once downloaded, the code copies itself to the system and replaces the Userinit.exe file in the Windows operating system, which runs Internet Explorer, the system interface and other essential processes.

The trojan then copies the system file to another location (under the name “userini.exe”) and does not interfere with the computer's operation, thereby allaying suspicion.

Dominic Hoskins, a manager with Panda Security said: “Today's malware tactics aim to get financial returns as silently as possible and this particular effort is an obvious manifestation of the current malware dynamics.”

“We had already seen cybercrooks use erotic pictures, Christmas or romantic cards, fake movie trailers and so on as baits to make users run infected files,” he added. “However, it is not usual to see bait like this one.”

Agent.JEN connects to a Russian domain that is already used by other banker trojans and uses it to send a request to a German domain to download a rootkit and adware detected by PandaLabs as Rootkit/Agent.JEP and Adware/AntivirusXP2008 respectively. These increase the risk of further infection.

See original article on SC Magazine US
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
deliverynotesecuritytrojanups

Sponsored Whitepapers

Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership
Don’t pay the ransom: A three-step guide to ransomware protection
Don’t pay the ransom: A three-step guide to ransomware protection

Events

Most Read Articles

Kmart Australia stands up consent-as-a-service platform

Kmart Australia stands up consent-as-a-service platform
NSW digital driver's licences 'easily forgeable'

NSW digital driver's licences 'easily forgeable'
Westpac promotes its head of technology to mortgage role

Westpac promotes its head of technology to mortgage role
Telstra to open its 5G network to wholesale customers

Telstra to open its 5G network to wholesale customers

Digital Nation

As NFTs gain traction, businesses start taking early bets
As NFTs gain traction, businesses start taking early bets
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
The other ‘CTO’: The emerging role of the chief transformation officer
The other ‘CTO’: The emerging role of the chief transformation officer
Metaverse hype will transition into new business models by mid decade: Gartner
Metaverse hype will transition into new business models by mid decade: Gartner
Case Study: PlayHQ leverages graph technologies for sports administration
Case Study: PlayHQ leverages graph technologies for sports administration

Log In

  |  Forgot your password?