A wild malware rollercoaster – over 500% increase

by
filed under Antivirus, malware.

The UPS name is once again being used to spread vast amounts of email-attached malware.   The last week has seen an extraordinary increase – over 5.5 times the average level before the outbreak.  The attack closely resembles the large outbreak reported on at the end of March.  The graph below illustrates the increase:

There are numerous versions of the email text – some examples:

Good afternoon!

Dear Client , Recipient’s address is wrong

Please fill in attached file with right address and resend to your personal manager

With best regards , Your USPS .com Customer Services

 

Good afternoon!

Dear User , Delivery Confirmation: FAILED

Please print out the invoice copy attached and collect the package at our department

With respect to you , Your UPS Services

 

GOOD AFTERNOON!

Dear Client , We were not able to delivery the postal package

Please fill in attached file with right address and resend to your personal manager

With Respect , Your UPS .COM

 

ATTENTION!

DEAR CLIENT , RECIPIENT’S ADDRESS IS WRONG

PLEASE PRINT OUT THE INVOICE COPY ATTACHED AND COLLECT THE PACKAGE AT OUR DEPARTMENT

With best wishes , Your USPS .us Customer Services

 

These emails also come with a range of subjects such as:

  • USPS Attention 060532
  • USPS: DELIVER CONFIRMATION – FAILED 17592718
  • USPS id. 182407
  • USPS DELIVERY CONFIRMATION 7264145
  • From USPS 4009717
  • Your USPS id. 44531036
  • USPS ATTENTION 44123265

In the previous attack the filenames were quite limited – unlike this attack – some examples:

  • “ups_NR9Yl2673.zip”
  • “Ups_NR5pY500268590.zip”
  • “UPS_NR5Da3052.zip”
  • “MyUps_NR9hN8574.zip”
  • “MYUPS_NR5gX736615890.zip”

Reminder: In the last series of attacks the subjects were changed to use the DHL brand a few days after the initial attack.

 

One Response

Trackbacks/Pingbacks

  1.  Surge in UPS Phishing Scams | Software Peer
  2.  Global spam volumes have been declining since March « Precise Payment Solutions
  3.  Spam Hits Pre-Rustock Takedown Levels | eWEEK Europe UK
  4.  Recent Spam Outbreak Hits Pre-Rustock Takedown Levels
  5.  Recent Spam Outbreak Hits Pre-Rustock Takedown Levels – Bob Gourley
  6.  Brace for email-attachment malware spree « I Web Guy Blog
  7.  Recent Spam Outbreak Hits Pre-Rustock Takedown Levels | Stop Spam Tips
  8.  Brace for email-attachment malware spree « Linux News « 123linux tutorials
  9.  Brace for email-attachment malware spree | Stop Spam Tips
  10.  Brace for email-attachment malware spree | HackerMuslim.com
  11.  Email malware levels skyrocket | Commtouch Café
  12.  The map of love leads to trouble | Commtouch Café
  13.  Recent Spam Outbreak Hits Pre-Rustock Takedown Levels | National Cyber Security

Leave a Reply

(will not be published)