Malware hiding as a UPS tracking email could hit enterprise networks
According to Consumer Reports and anti-spam company Marshal, there is a new wave of email malware being sent by members of the Darkweb. The Marshal posting shows a screenshot of the email and the attachment icons. This story will also be covered in Episode 10 of the Data Security Podcast, scheduled to post no later than Tuesday on this site.
The email looks like a UPS message about package tracing, a rather common email that people receive every business day.
Except this message says the package has been delayed, and instructs the victim to open the attached “invoice” and go to the local UPS depot to arrange to receive the package. The attachment is an executable that hides itself with a common Microsoft Word icon, further fooling users.
Once the attachment is opened, the hidden malware is designed to connect the victim’s computer to a Russian server. That server installs a rootkit on the victim’s computer, which can give the attacker total control of the victim’s system and access to information on that computer, and potentially on other computers connected to the compromised system through network shares.
Consumer Reports reports that UPS says it “rarely” sends attachments in its communications with its customers.
The question remains: Why does UPS need to send attachments at all when sending delivery information? If business users would stick to text-only, non-HTML messages, then users would know to not open attachments, even when they look legit. Plus, the ever-growing number of mobile email users would always be able to read important messages on the go. If you administer an email system, it may be prudent to block .exe files, if you are not doing so already.
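One way to apply that advice at a mail gateway, as an added example that is not part of the original post: it rejects attachments named .exe and, going one step beyond the post's advice, also flags attachments whose content starts with the Windows executable "MZ" header under some other name. The function names, addresses and sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = (".exe",)  # the post's advice; extend per local policy
PE_MAGIC = b"MZ"                # first two bytes of a Windows executable


def blocked_attachments(raw_message: bytes):
    """Return [(filename, reason)] for attachments a gateway should reject."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        payload = part.get_payload(decode=True) or b""
        if name.lower().endswith(BLOCKED_EXTENSIONS):
            # Also catches double extensions such as "invoice.doc.exe".
            findings.append((name, "blocked extension"))
        elif payload.startswith(PE_MAGIC):
            # The declared name is not trusted; the content is inspected.
            findings.append((name, "executable content behind another name"))
    return findings


def build_sample(filename=None, content=b""):
    """Constructed test message; not a capture of the real campaign."""
    msg = EmailMessage()
    msg["From"] = "tracking@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Package delayed"
    msg.set_content("Please open the attached invoice.")
    if filename is not None:
        msg.add_attachment(content, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [
        build_sample("UPS_invoice.exe", b"MZ\x90\x00" + b"\x00" * 60),
        build_sample("UPS_invoice.doc", b"MZ\x90\x00" + b"\x00" * 60),
        build_sample("receipt.pdf", b"%PDF-1.4 constructed"),
        build_sample(),  # text-only message, no attachment
    ]
    for raw in samples:
        print(blocked_attachments(raw) or "deliver")
```
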