Malware hiding as a UPS tracking email could hit enterprise networks

According to Consumer Reports, and anti-spam company Marshal, there is a new wave of email malware being sent by members of the Darkweb. The Marshal posting shows a screen shot of the email and the attachment icons. This story will also be covered in Episode 10 of the Data Security Podcast, scheduled to post no later than Tuesday on this site.

The email looks like a UPS message about package tracking, a rather common email that people receive every business day.

Except that this message says the package has been delayed, and instructs the victim to open the attached “invoice” and go to the local UPS depot to arrange to receive the package. The attachment is an executable that disguises itself with the common Microsoft Word icon, further fooling users.

Once the attachment is opened, the hidden malware is designed to connect the victim’s computer to a Russian server. That server installs a rootkit in the victim’s computer, which can give the attacker total control of the victim’s system, and access to information on that computer, and potentially other computers connected to the compromised system through network shares.

The Consumer Reports story notes that UPS says it “rarely” sends attachments in its communications with customers.

The question remains: why does UPS need to send attachments at all when sending delivery information? If businesses would stick to text-only, non-HTML messages, then users would know not to open attachments, even when they look legitimate. Plus, the ever-growing number of mobile email users would always be able to read important messages on the go. If you administer an email system, it may be prudent to block .exe attachments, if you are not doing so already.
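As an added illustration, not code from this article or from Marshal or UPS, here is a small Python check of the kind a mail gateway could apply to the lure described above: it builds a constructed sample message imitating the “delayed package” email and holds any attachment that carries an executable extension or whose bytes begin with the Windows PE “MZ” signature, regardless of the icon or the declared content type. The addresses and filename are placeholders.

```python
import email
from email import policy
from email.message import EmailMessage

# Constructed sample: a message imitating the UPS "delayed package" lure, with an
# attachment named like an invoice but whose payload is a Windows executable.
def build_sample_message() -> bytes:
    msg = EmailMessage()
    msg["From"] = "tracking@example.invalid"   # placeholder, not a real UPS address
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "UPS Tracking Number: delivery delayed"
    msg.set_content("Your package has been delayed. Open the attached invoice "
                    "and bring it to your local depot to collect the parcel.")
    # Fake PE image: the 'MZ' magic followed by filler; a real binary is far longer.
    fake_exe = b"MZ" + b"\x90" * 62
    # Declared as a Word document to mimic the icon trick; the bytes say otherwise.
    msg.add_attachment(fake_exe, maintype="application", subtype="msword",
                       filename="UPS_invoice.exe")
    # A harmless text attachment, to show it is not flagged.
    msg.add_attachment("Tracking: placeholder", filename="tracking.txt")
    return msg.as_bytes()

EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
PE_MAGIC = b"MZ"   # DOS/PE header signature at offset 0 of Windows executables

def suspicious_attachments(raw: bytes) -> list:
    """Return (filename, reason) for every attachment a gateway should hold."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        reasons = []
        if any(name.endswith(ext) for ext in EXEC_EXTENSIONS):
            reasons.append("executable extension")
        if data[:2] == PE_MAGIC:
            reasons.append("PE header (MZ) in payload")
        if reasons:
            findings.append((part.get_filename(), "; ".join(reasons)))
    return findings

if __name__ == "__main__":
    for fname, why in suspicious_attachments(build_sample_message()):
        print(f"HOLD attachment {fname!r}: {why}")
```

Checking the payload bytes as well as the extension matters because renaming the file or changing the declared content type defeats an extension-only rule.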


2 Responses to “Malware hiding as a UPS tracking email could hit enterprise networks”

  1. I got one of these emails and they are in fact originating from the UPS mailing servers. You’d figure they would hire better IT professionals to take care of this crap, being a big company and all, but no, they got something a script kiddie wannabe hacker can do. Thumbs up their asses.

  2. If you’re ever in doubt about the legitimacy of a UPS email, be sure to contact UPS by phone prior to opening it.
