Trojan disguised as UPS delivery note

By
Follow google news

A series of messages purporting to come from UPS, the world's largest shipping carrier, may in fact harbor the Agent.JEN trojan.


Panda Security is warning email recipients that a series of messages purporting to come from UPS, the world's largest shipping carrier, may in fact harbor the Agent.JEN trojan.

Panda, an anti-virus provider, said the suspicious emails have subject lines such as “UPS packet N3621583925.” The messages claim that it was not possible to deliver a package and advise recipients to print out a copy of an attached invoice.

The “invoice” is a zip file that contains an executable file disguised as a Microsoft Word document – it's typically named “UPS_invoice” or something similar. By running the file, the user unwittingly introduces a copy of the trojan into their computer.

Once downloaded, the code copies itself to the system and replaces the Userinit.exe file in the Windows operating system, which runs Internet Explorer, the system interface and other essential processes.

The trojan then copies the system file to another location (under the name “userini.exe”) and does not interfere with the computer's operation, thereby allaying suspicion.

Dominic Hoskins, a manager with Panda Security said: “Today's malware tactics aim to get financial returns as silently as possible and this particular effort is an obvious manifestation of the current malware dynamics.”

“We had already seen cybercrooks use erotic pictures, Christmas or romantic cards, fake movie trailers and so on as baits to make users run infected files,” he added. “However, it is not usual to see bait like this one.”

Agent.JEN connects to a Russian domain that is already used by other banker trojans and uses it to send a request to a German domain to download a rootkit and adware detected by PandaLabs as Rootkit/Agent.JEP and Adware/AntivirusXP2008 respectively. These increase the risk of further infection.

See original article on SC Magazine US

Add iTnews as your trusted source

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Bendigo Bank aims to have Australia's "first agentic SOC"

Bendigo Bank aims to have Australia's "first agentic SOC"

ASD to retire Essential Eight cyber security framework within next two years

ASD to retire Essential Eight cyber security framework within next two years

Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases

Apple is releasing updates early in response to AI cyber security concerns

Apple is releasing updates early in response to AI cyber security concerns

Log In

  |  Forgot your password?