Overnight Tracking Receipts Carry Trojan

By Matthew Hines  |  Posted 2008-09-02 Print this article Print

A number of security research groups are reporting on a new set of malware threats being disguised as fake overnight parcel tracking receipts.

Along with Fed Ex-themed attacks reported by BitDefender and others, researchers at Sophos have detailed a more generic "Airmail Express" example which aims to lure end users in by e-mailing them the messages which report on false tracking numbers for nonexistent packages but which also carry a Trojan attack.

The notes, delivered via an attachment, report that the involved carrier has not been able to deliver a package for some reason or other while infecting machines with the malicious Trojan (Troj/FakeAle-GN).

The angle has been used before and appears to have become one of the rotating sets of themes being employed by the spam and malware crowd, along with all the time-honored favorites like Viagra advertisements and pump and dump schemes.

The overnight attack might not seem worth mentioning, but for the fact that it is being sent out in extremely high volumes at present. BitDefender reported that some 80 percent of the spam it has seen over the last several days has involved the threat.

"No-one should need reminding, but it's worth reiterating. Always exercise extreme caution and think before opening unsolicited e-mail attachments," said Sophos uber researcher Graham Cluley in a blog post.

And oh yeah, apparently everyone in my old unused hotmail inbox is being spammed by some Chinese manufacturing concern asking them to respond to their special Olympic-themed electronics discounting offer.

Isn't electronic life grand?

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.

del.icio.us | digg.com

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel