Bogus invoices from Spammers - beware of fake package receipts
Researchers at McAfee have discovered a malware-laden spam e-mail which uses the cover of a package tracking invoice to trick unsuspecting users.
The e-mail tell the user that a package sent on a recent date, in some cases 1 July, could not be delivered and that the user should open the attached file and collect the package from a local post office.
When the user loads the supposed invoice, the malware attack is launched. The attached .zip archive unloads a .exe Trojan file which then unpacks a spyware program designed to steal user data for several job recruiting sites.
The majority of the messages have attempted to impersonate UPS, although McAfee has also found examples purporting to be from the US Customs Service.
McAfee has linked the same Trojan file to another attack that targets the user with a fraudulent receipt for an airplane reservation.
The company believes that the spam attack will run for a while and is advising users to avoid visiting any suspicious URLs and not to launch any unexpected or suspicious email attachments.
Derrick Cameron, MD of UK based IT firm Eximium comments “this is yet another cunning and cruel e-mail and highlights the need for up to up-to-date anti-virus and anti-spam protection which is regularly updated. It also highlights the need to stay ever vigilant before opening our e-mails.
This entry was posted on Wednesday, September 17th, 2008 at 1:04 pm and is filed under Business Advice, IT Advice, News . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
