September 09, 2009

Faux United Parcel Service Delivers...Malware [Updated]

Ah, the tricks that malware propagators use to get unsuspecting recipients to open email attachments. For example:

Subject: UPS Delivery problem NR 9133992465.


We failed to deliver the postal package you have sent on the 11th of July in time because the addressee's address is inexact.
Please print out the invoice copy attached and collect the package at our department.

United Parcel Service.

Inside the attached file, named Mae4e28ca.zip in the email I saw, is a backdoor Trojan recognized by only 35% of the antivirus engines on VirusTotal.

The message was rather sloppily done. For instance, the forged From: address made no reference to UPS. I mean, if you're forging, why not do something that adds credibility to your bogus missive? Also, the United Parcel Service does not deliver postal packages (although in rare cases, such as in my ZIP code, they will hand off a parcel to the local Post Office for delivery). And how about that word "inexact"? Someone just got a new thesaurus. If you screw up the address on a UPS parcel, they'll use far more colorful and direct wording to let you know you're a doofus.

Chalk this one up to yet another attempt to trick recipients into taking action on behalf of the sender, to the detriment of the recipient.

UPDATE 1745 PDT: Just saw another one under the guise of DHL Delivery Services. In place of "inexact" is the more forceful "wrong". Attachment on this one was named D36ebd4a3.zip. Attachments for this campaign could be uniquely named per email message.
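
The tells described above (a courier brand named in the message but absent from the From: address, plus a ZIP attachment whose name changes per message) can be checked mechanically at a mail gateway. The following Python is an added example, not part of the original post; the sender-domain allowlist, the filename pattern generalized from the two names quoted above, and the example.net/example.org addresses are assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed allowlist of legitimate sender domains per brand; maintain your own.
BRAND_DOMAINS = {"ups": {"ups.com"}, "dhl": {"dhl.com"}}
BRAND_PATTERNS = {
    "ups": re.compile(r"\bUPS\b|(?i:United Parcel Service)"),
    "dhl": re.compile(r"\bDHL\b"),
}
# Assumed shape, from the two names in the post: one letter + 8 hex digits.
RANDOM_ZIP = re.compile(r"^[A-Za-z][0-9a-f]{8}\.zip$")


def courier_lure_findings(raw: bytes) -> list[str]:
    """Return the tells found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg['Subject'] or ''}\n{body.get_content() if body else ''}"
    domain = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    for brand, pattern in BRAND_PATTERNS.items():
        allowed = BRAND_DOMAINS[brand]
        on_brand = any(domain == d or domain.endswith("." + d) for d in allowed)
        if pattern.search(text) and not on_brand:
            findings.append(f"brand-mismatch:{brand}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(".zip"):
            findings.append("zip-attachment")
            if RANDOM_ZIP.match(name):
                findings.append("randomized-zip-name")
    return findings


def build_sample(sender: str, filename: str) -> bytes:
    """Constructed message modelled on the lure quoted in the post."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "recipient@example.org"
    m["Subject"] = "UPS Delivery problem NR 9133992465."
    m.set_content("Please print out the invoice copy attached.\n\nUnited Parcel Service.")
    m.add_attachment(b"constructed placeholder, not a real archive",
                     maintype="application", subtype="zip", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(courier_lure_findings(build_sample("billing@example.net", "Mae4e28ca.zip")))
```

A From: domain that does match the brand proves nothing by itself, since the header is trivially forged; the mismatch is only useful as a positive signal for quarantine or review.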

