Fake UPS invoices deliver Pushdo botnet package

happygeek

Security researchers within the Marshal TRACE Team have warned that malicious spammers are using fake United Parcel Service invoices in order to deliver a malware payload.

Spammers are always looking for a new and convincing hook to snare the unsuspecting user into downloading malicious components from the web. This new attack utilises the Pushdo botnet to distribute fake UPS invoices that supposedly require printing in order to claim an 'undelivered' package from the local office.

Of course, the attached executable file called 'ups_invoice.zip', which has an MS Word icon in an attempt to add authenticity, is not an invoice at all; rather, it installs malware which "seeks to download more malicious components from the web", according to Marshal.
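A mail-gateway style check for the kind of attachment described above, as an added example that is not from the original article or from Marshal: it assumes the ZIP holds a Windows executable and flags members by their MZ header rather than by name or icon. The member names and sample archives are constructed.

```python
import io
import posixpath
import zipfile

# Extensions Windows runs directly (common, non-exhaustive set).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def inspect_zip_attachment(data: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for each suspicious member of a ZIP attachment."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<attachment>", "not a valid ZIP archive")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # bit 0 set: member is encrypted
                findings.append((info.filename, "encrypted, content cannot be inspected"))
                continue
            # Windows ignores trailing dots and spaces in file names.
            ext = posixpath.splitext(info.filename.lower().rstrip(". "))[1]
            with archive.open(info) as member:
                magic = member.read(2)
            if magic == b"MZ":  # DOS/PE header: executable whatever the name or icon
                findings.append((info.filename, "Windows executable header (MZ)"))
            elif ext in EXECUTABLE_EXTS:
                findings.append((info.filename, f"executable extension {ext}"))
    return findings


def build_sample(members: dict[str, bytes]) -> bytes:
    """Build a constructed in-memory ZIP so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: inert bytes, only the two-byte MZ marker is realistic.
FAKE_INVOICE = build_sample({"ups_invoice.exe": b"MZ" + b"\x00" * 62})
RENAMED = build_sample({"ups_invoice.doc": b"MZ" + b"\x00" * 62})
BENIGN = build_sample({"invoice.txt": b"Plain text invoice"})

if __name__ == "__main__":
    for sample in (FAKE_INVOICE, RENAMED, BENIGN):
        print(inspect_zip_attachment(sample))
```

The renamed sample shows why the header check matters: a member named like a document is still reported once its first two bytes are read.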

“For the unwary or uninitiated, at first glance, the message appears to come from UPS,” warned Phil Hay, Lead Threat Analyst for Marshal TRACE Team. “The subject line of the message provides a seemingly official tracking number and the message itself seems sincere.” However, upon a little closer inspection you might notice that the message is full of spelling mistakes and grammatical errors that would be unlikely to escape from any official UPS outlet.

“The subject line misspells the word packet,” Hay reveals, “and the message provides no contact address for the supposed collection of the package.”

All of which should set alarm bells ringing. Which is just as well, considering that the Pushdo botnet is currently estimated to include some 125,000 compromised computers and is responsible for the distribution of 16 billion spam messages per day, according to Marshal’s statistics. Indeed, Pushdo is currently the fourth largest botnet in terms of spam volume...