FYI...
Fake email - Threat Outbreak Alerts
- http://tools.cisco.com/security/cent...utbreak.x?i=77
Fake FedEx Parcel Delivery Failure Notification Email Message - 2013 Aug 27
Fake Money Transfer Notification Email Messages - 2013 Aug 27
Fake Bank Payment Notice Email Messages - 2013 Aug 27
Fake Account Payment Notification Email Messages - 2013 Aug 27
Fake Bank Payment Transfer Notification Email Messages - 2013 Aug 27
Fake Package Shipping Notification Email Messages - 2013 Aug 27
Fake Business Complaint Notification Email Messages - 2013 Aug 27
Fake Tax Return Information Email Messages - 2013 Aug 27
Email Messages with Malicious Attachments - 2013 Aug 27
Fake Product Purchase Order Request Email Messages - 2013 Aug 27
Fake Tax Documentation Email Messages - 2013 Aug 27
Fake Product Services Specification Request Email Messages - 2013 Aug 27
(More detail and links at the Cisco URL above.)
___
UPS Email scam delivers Backdoor
- http://blog.trendmicro.com/trendlabs...vers-backdoor/
Aug 27, 2013 - "... most users can easily detect spammed messages, particularly those that attempt (and fail) at looking like legitimate email notifications... We recently found an email sample spoofing the popular mail courier service UPS. The email poses as a package delivery notification, containing links to the tracking site and .PDF copy of the shipping invoice. This is definitely not the first time we received such an email. However, what makes this spam stand out is the way it hides its true, malicious intent.
> https://blog.trendmicro.com/trendlab...pamrun_825.png
As seen in the email screenshot above, the malware-hosting site is hyperlinked to the legitimate UPS URL where the .PDF version of the shipping invoice can be downloaded. For users, this URL may seem safe; however, when they click the URL, it leads to the download of the malicious ZIP file. To further convince users of its legitimacy, the recipient’s email address was created to closely resemble the actual UPS email address. The ZIP file contains a malicious file which Trend Micro detects as BKDR_VAWTRAK.A. This backdoor steals stored information in several FTP clients or file manager software. In addition, BKDR_VAWTRAK.A also steals email credentials from Outlook, PocoMail, IncrediMail, Windows Live Mail, and The Bat! among others. In order to avoid detection on the system, this backdoor deletes certain registry keys related to Software Restriction Policies... this attack was moderate in number, constituting approximately 1 in every 300-400 thousand spam on the day of the outbreak based on the estimate. To give this a baseline of comparison, the recent Royal Baby spam outbreak consisted of 1 in every 200 spam on the days of that outbreak. This email campaign also appears to be targeting specific organizations, which stresses the importance of social engineering training and how to make it effective in a workplace setting. This includes training like “social” penetration training, which is basically having someone play an attacker and attempt to lure employees via social engineering..."