A wild malware rollercoaster – over 500% increase

August 15th, 2011 by Avi Turiel | Category: Antivirus, malware | 14 Comments »

The UPS name is once again being used to spread vast amounts of email-attached malware. The last week has seen an extraordinary increase: over 5.5 times the average level before the outbreak. The attack closely resembles the large outbreak we reported on at the end of March. The graph below illustrates the increase:

There are numerous versions of the email text. Some examples:

Good afternoon!

Dear Client , Recipient’s address is wrong

Please fill in attached file with right address and resend to your personal manager

With best regards , Your USPS .com Customer Services

 

Good afternoon!

Dear User , Delivery Confirmation: FAILED

Please print out the invoice copy attached and collect the package at our department

With respect to you , Your UPS Services

 

GOOD AFTERNOON!

Dear Client , We were not able to delivery the postal package

Please fill in attached file with right address and resend to your personal manager

With Respect , Your UPS .COM

 

ATTENTION!

DEAR CLIENT , RECIPIENT’S ADDRESS IS WRONG

PLEASE PRINT OUT THE INVOICE COPY ATTACHED AND COLLECT THE PACKAGE AT OUR DEPARTMENT

With best wishes , Your USPS .us Customer Services

 

These emails also come with a range of subjects such as:

  • USPS Attention 060532
  • USPS: DELIVER CONFIRMATION – FAILED 17592718
  • USPS id. 182407
  • USPS DELIVERY CONFIRMATION 7264145
  • From USPS 4009717
  • Your USPS id. 44531036
  • USPS ATTENTION 44123265

In the previous attack the set of attachment filenames was quite limited; this attack uses many more variations. Some examples:

  • “ups_NR9Yl2673.zip”
  • “Ups_NR5pY500268590.zip”
  • “UPS_NR5Da3052.zip”
  • “MyUps_NR9hN8574.zip”
  • “MYUPS_NR5gX736615890.zip”

Reminder: In the last series of attacks the subjects were changed to use the DHL brand a few days after the initial attack.
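The subjects, body phrases and attachment names quoted above form a usable fingerprint for a mail-gateway or SIEM rule. The following is an added example, not code from the post or from Commtouch, that turns those examples into a small scoring triage: a regular expression for the attachment shape (optional "My", then "UPS_NR", one digit, two letters, a run of digits, ".zip", in any letter case), one for the USPS-branded subjects with their numeric "id", and the body phrases kept with their original grammar errors because those errors are part of the fingerprint. The weights, thresholds, the Message/Verdict types and the sample mailbox are all assumptions constructed for the example; messages 0 and 3 reuse the post's own quoted text, messages 1 and 2 are benign controls.

```python
import re
from dataclasses import dataclass


# Assumption: a minimal message model. A real gateway would parse RFC 5322 mail
# (subject header, text part, attachment filenames) into this shape.
@dataclass(frozen=True)
class Message:
    subject: str
    body: str
    attachments: tuple = ()


# Filename shape seen in the post: optional "My", "UPS_NR", one digit, two
# letters, a run of digits, ".zip"; case varies (ups_, Ups_, UPS_, MyUps_, MYUPS_).
ATTACHMENT_RE = re.compile(r"^(?:my)?ups_nr\d[a-z]{2}\d{3,}\.zip$", re.IGNORECASE)

# Subject shape seen in the post: the USPS brand plus a 5 to 9 digit "id".
SUBJECT_RE = re.compile(r"\bUSPS\b.*\b\d{5,9}\b", re.IGNORECASE)

# Body phrases quoted in the post, in normalized form (lowercase, straight
# apostrophes, no space before punctuation). The wrong grammar is kept on
# purpose: it is part of the campaign's fingerprint.
BODY_PHRASES = (
    "recipient's address is wrong",
    "delivery confirmation: failed",
    "not able to delivery the postal package",
    "fill in attached file with right address",
    "print out the invoice copy attached",
)

# Indicator weights and thresholds (assumed for this example, not from the
# post): a campaign-shaped attachment name is decisive on its own, a subject
# line alone is not, because legitimate USPS mail also carries numeric ids.
WEIGHTS = {"attachment_name": 3, "body_phrase": 2, "subject": 1}
QUARANTINE_AT = 3
REVIEW_AT = 2


@dataclass(frozen=True)
class Verdict:
    score: int
    indicators: tuple
    action: str  # "quarantine", "review" or "deliver"


def normalize(text: str) -> str:
    """Lowercase, straighten curly apostrophes, drop the space the spam puts
    before punctuation ("Dear Client , Recipient's ..."), collapse whitespace."""
    text = text.lower().replace("\u2019", "'").replace("\u2018", "'")
    text = re.sub(r"\s+([,.:;!?])", r"\1", text)
    return re.sub(r"\s+", " ", text).strip()


def score_message(msg: Message) -> Verdict:
    """Score one message against the three indicator families."""
    indicators = []
    if any(ATTACHMENT_RE.match(name) for name in msg.attachments):
        indicators.append("attachment_name")
    body = normalize(msg.body)
    if any(phrase in body for phrase in BODY_PHRASES):
        indicators.append("body_phrase")
    if SUBJECT_RE.search(msg.subject):
        indicators.append("subject")
    score = sum(WEIGHTS[i] for i in indicators)
    if score >= QUARANTINE_AT:
        action = "quarantine"
    elif score >= REVIEW_AT:
        action = "review"
    else:
        action = "deliver"
    return Verdict(score, tuple(indicators), action)


# Constructed sample mailbox: 0 and 3 reuse text quoted in the post,
# 1 and 2 are benign controls (2 deliberately has a USPS-branded subject).
SAMPLE_MAILBOX = (
    Message(
        subject="USPS Attention 060532",
        body="Good afternoon!\n\nDear Client , Recipient\u2019s address is wrong\n\n"
             "Please fill in attached file with right address and resend to your "
             "personal manager\n\nWith best regards , Your USPS .com Customer Services",
        attachments=("ups_NR9Yl2673.zip",),
    ),
    Message(subject="Lunch on Friday?", body="Can we move lunch to 1pm?",
            attachments=("agenda.pdf",)),
    Message(subject="USPS tracking 12345678", body="Your parcel will arrive tomorrow."),
    Message(
        subject="Package update",
        body="Dear User , Delivery Confirmation: FAILED\n\nPlease print out the "
             "invoice copy attached and collect the package at our department",
        attachments=("MYUPS_NR5gX736615890.zip",),
    ),
)


def triage(mailbox=SAMPLE_MAILBOX):
    """Return the action decided for each message, in mailbox order."""
    return [score_message(m).action for m in mailbox]


if __name__ == "__main__":
    for i, m in enumerate(SAMPLE_MAILBOX):
        v = score_message(m)
        print(f"{i}: {v.action:10} score={v.score} indicators={v.indicators}")
```

Message 2 shows why the subject indicator is weighted low: a USPS brand plus a number is the shape of real tracking mail too, so on its own it only contributes one point and the message is delivered. Message 3 shows the opposite: no branded subject at all, but the attachment name and a quoted body phrase together are enough to quarantine. When the campaign rebrands (the post notes the earlier wave switched to DHL after a few days), the attachment regex and body phrases are the parts worth updating first.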

  • http://www.softwarepeer.com/antivirus/surge-in-ups-phishing-scams/ Surge in UPS Phishing Scams | Software Peer

    [...] Email security firm CommTouch is reporting a 500% increase in the number of UPS delivery scams. While subject lines and body text vary, the scams all follow a common theme: the emails warn of a failed UPS delivery and include an attachment that purports to be an invoice or resolution form. In fact, the attachment is a trojan that, if opened, will infect your PC with a password stealer and will download additional malware. For details on the latest attack, see: A Wild Malware Rollercoaster. [...]

  • http://precisepaymentsolutions.com/blog/2011/08/16/global-spam-volumes-have-been-declining-since-march/ Global spam volumes have been declining since March « Precise Payment Solutions

    [...] [...]

  • http://www.eweekeurope.co.uk/news/spam-hits-pre-rustock-takedown-levels-37116 Spam Hits Pre-Rustock Takedown Levels | eWEEK Europe UK

    [...] since the end of March, Avi Turiel, director of product marketing at Commtouch, wrote on the Commtouch Café blog. The “extraordinary increase” in email messages with malware attachments began [...]

  • http://crucialpointllc.com/2011/08/recent-spam-outbreak-hits-pre-rustock-takedown-levels/ Recent Spam Outbreak Hits Pre-Rustock Takedown Levels

    [...] since the end of March, Avi Turiel, director of product marketing at Commtouch, wrote on the Commtouch Cafe blog Aug. 15. The “extraordinary increase” in email messages with malware attachments began [...]

  • http://www.bobgourley.com/2011/08/recent-spam-outbreak-hits-pre-rustock-takedown-levels/ Recent Spam Outbreak Hits Pre-Rustock Takedown Levels – Bob Gourley

    [...] since the end of March, Avi Turiel, director of product marketing at Commtouch, wrote on the Commtouch Cafe blog Aug. 15. The “extraordinary increase” in email messages with malware attachments began [...]

  • http://iwebguyblog.wordpress.com/2011/08/17/brace-for-email-attachment-malware-spree/ Brace for email-attachment malware spree « I Web Guy Blog

    [...] The earlier wave used a wider variety of package-delivery services as senders, including FedEx and DHL, but the latest outbreak employs a wider variety of messages such as, “Dear client, recipient’s address is wrong”, “Dear User, Delivery Confirmation: FAILED”, and “Dear Client, We are not able to delivery [sic] the postal package”, according to the Commtouch blog. [...]

  • http://www.stopspamtips.com/recent-spam-outbreak-hits-pre-rustock-takedown-levels/ Recent Spam Outbreak Hits Pre-Rustock Takedown Levels | Stop Spam Tips

    [...] since the end of March, Avi Turiel, director of product marketing at Commtouch, wrote on the Commtouch Café blog Aug. 15. The “extraordinary increase” in email messages with malware attachments [...]

  • http://123linuxtutorials.com/linux-news/brace-for-email-attachment-malware-spree/ Brace for email-attachment malware spree « Linux News « 123linux tutorials

    [...] The earlier wave used a wider variety of package-delivery services as senders, including FedEx and DHL, but the latest outbreak employs a wider variety of messages such as, “Dear client, recipient’s address is wrong”, “Dear User, Delivery Confirmation: FAILED”, and “Dear Client, We are not able to delivery [sic] the postal package”, according to the Commtouch blog. [...]

  • http://www.stopspamtips.com/brace-for-email-attachment-malware-spree/ Brace for email-attachment malware spree | Stop Spam Tips

    [...] The earlier wave used a wider variety of package-delivery services as senders, including FedEx and DHL, but the latest outbreak employs a wider variety of messages such as, “Dear client, recipient’s address is wrong”, “Dear User, Delivery Confirmation: FAILED”, and “Dear Client, We are not able to delivery [sic] the postal package”, according to the Commtouch blog. [...]

  • http://hackermuslim.com/2011/08/18/brace-for-email-attachment-malware-spree.html Brace for email-attachment malware spree | HackerMuslim.com

    [...] The progressing call used a wider accumulation of package-delivery services as senders, including FedEx and DHL, though a latest conflict employs a wider accumulation of messages such as, “Dear client, recipient’s residence is wrong”, “Dear User, Delivery Confirmation: FAILED”, and “Dear Client, We are not means to smoothness [sic] a postal package”, according to a Commtouch blog. [...]

  • http://blog.commtouch.com/cafe/antivirus/email-malware-levels-skyrocket/ Email malware levels skyrocket | Commtouch Café

    [...] this week we described a huge malware outbreak with increases of over 500%.  The graph we presented showed a tapering off after the peak of the [...]

  • http://blog.commtouch.com/cafe/malware/the-map-of-love-leads-to-trouble/ The map of love leads to trouble | Commtouch Café

    [...] mid-August we covered a huge email-malware outbreak that mostly included UPS-themed emails. The same malware continues to be distributed as Fedex [...]

  • http://nationalcybersecurity.mobi/recent-spam-outbreak-hits-pre-rustock-takedown-levels/ Recent Spam Outbreak Hits Pre-Rustock Takedown Levels | National Cyber Security

    [...] since the end of March, Avi Turiel, director of product marketing at Commtouch, wrote on the Commtouch Café blog Aug. 15. The “extraordinary increase” in email messages with malware attachments [...]

  • Kathleen

    If you’re ever in doubt about the legitimacy of a UPS email be sure to contact UPS by phone prior to opening it – UPS Phone Number
