UPS Delivery Problem Spam with Malware Payload Floods In-Boxes Again
This one is not new, but it is still a nasty one. Since yesterday, I have received 8 of these types of messages, all caught by my virus scanner and rendered harmless.
I decided to do a little digging this time around and find out just a little bit more about these messages.
The nasty payload that accompanies these messages is contained in an attached image file with various names that are probably randomly generated. For example, the messages I received had infected JPEG images with the following filenames: 2664423.jpg, 5617431.jpg, 2478363.jpg, 4599357.jpg, 6464145.jpg, 6178909.jpg, 9222752.jpg and 2535916.jpg. If opened, the images look like this:
In addition to displaying the above image, the modified JPEG file will attempt to infect your PC with malware known as “FakeAlert.” At least that is the way my anti-virus application identified it. FakeAlert infects your PC and pops up messages on the user’s screen claiming that the PC is infected with a virus. Kind of ironic, huh? The messages lead victims to believe that they need to register an anti-virus program in order to rid their PC of the infection. As one might suspect, registering the alleged anti-virus program is not free, and the scumbag that sent the message most likely gets a cut of the profits.
The messages I received were sent by a number of mail servers which were probably compromised (“hacked”) by the senders of these messages. The servers that sent the spam messages to me were all located in the U.S., which is a little unusual when compared with most of the other spam I get, but the spammers have evidently found fertile ground on some systems here in the U.S. to spew out their crap from. They can always count on the fact that some system administrator has not properly secured their system or some new bug will come along that will allow them to exploit systems that they are not authorized to use.
This batch is also a bit different since the messages do not have the same bogus claims about a package that was intended for the recipient but was unable to be delivered. This time, it appears the messages are just a sentence or two that was probably scraped from a news site. It really does not make sense to get a message that is supposedly from UPS and contains random news headlines, but this may be a tactic that makes this spam appear more legitimate and gives it a better chance of bypassing spam filters.
Here are the ones that I received:
From: UPS Support, Misty Lelacheur [aerichter@ups.com]
Analyst: Higher 2Q home orders for Lennar, KB Home The Most Awesome

From: UPS Manager, Doug Eggleton [philalan@ups.com]
Video: The Great Explorer, Part 2 Worker runs over people at Japanese

From: United Parcel Service of America, Deane Schornick [maxxaz@ups.com]
Existing home sales weak but supply falls Video: "Female Viagra"

From: UPS PostBox-Manager, Martin Kauffman [fashionseal@ups.com]
AP source: White House budget chief stepping down Salazar creates new

From: United Parcel Service of America, Magdalena Scanlon [octf@ups.com]
Election Problems Blog Dr. Phil Highlights CBS Investigation Obama

From: UPS PostBox-Manager, Valarie Reinholtz [billcoons@ups.com]
Remade in NY: French ex-1st lady has new life NM father, 2 sons die

From: UPS Support, Quincy Cockshot [bawidmaier@ups.com]
Emanuel Casts Barton Apology as GOP Philosophy "Shmutz" Report: NYC

From: United Parcel Service of America, Carlene Carridine [mothena@ups.com]
Stocks extend gains as China eases currency policy Gulf of Mexico oil
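The traits described above (a sender claiming to be UPS, a seven-digit .jpg attachment name, and body text with nothing about a shipment) can be turned into a simple mail-filter check. This is an added example, not code from the original post; the function names, trait labels, shipping-word list and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment names in the post are seven digits plus ".jpg" (e.g. 2664423.jpg).
NUMERIC_JPG = re.compile(r"^\d{7}\.jpg$", re.I)
UPS_NAME = re.compile(r"\b(UPS|United Parcel Service)\b", re.I)
# Assumed vocabulary for a genuine delivery notice.
SHIPPING_WORDS = re.compile(r"\b(package|parcel|delivery|shipment|tracking)\b", re.I)

def campaign_traits(raw):
    """Return the traits from the post that a raw message (bytes) exhibits."""
    msg = message_from_bytes(raw, policy=policy.default)
    traits = []
    sender = msg["From"]
    addrs = sender.addresses if sender is not None else ()
    claims_ups = any(a.domain.lower() == "ups.com" or UPS_NAME.search(a.display_name)
                     for a in addrs)
    if claims_ups:
        traits.append("claims-ups-sender")
    for part in msg.iter_attachments():
        if NUMERIC_JPG.match(part.get_filename() or ""):
            traits.append("numeric-jpg-attachment")
            break
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    if claims_ups and not SHIPPING_WORDS.search(text):
        traits.append("no-shipping-text")
    return traits

def should_quarantine(raw):
    """Hold the message when a UPS-claiming sender carries a numeric .jpg."""
    traits = campaign_traits(raw)
    return "claims-ups-sender" in traits and "numeric-jpg-attachment" in traits

def build_sample(sender, text, attachment=None):
    """Build a constructed test message; the attachment bytes are harmless filler."""
    m = EmailMessage()
    m["From"] = sender
    m["Subject"] = "constructed sample"
    m.set_content(text)
    if attachment:
        m.add_attachment(b"\xff\xd8\xff\xe0 constructed bytes", maintype="image",
                         subtype="jpeg", filename=attachment)
    return bytes(m)

if __name__ == "__main__":
    spam = build_sample('"UPS Support, Misty Lelacheur" <aerichter@ups.com>',
                        "Analyst: Higher 2Q home orders for Lennar, KB Home", "2664423.jpg")
    print(campaign_traits(spam), should_quarantine(spam))
```

The sender check only looks at what the message claims, so the filename pattern is what keeps ordinary mail with "UPS" in a display name out of quarantine.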
Posted: 23 June, 2010 in Malicious Spam.
Tags: Attachments, Delivery Problem, NR0549136, NR1200176, NR2399379, NR3813549, NR4419092, NR4475927, NR5866911, NR9707335, United Parcel Service of America, UPS Manager, UPS PostBox-Manager, UPS Support
