Royal Mail Spoofed in Malicious Spam Mail

MX Lab the security company has spotted one fresh PC-Trojan being spread through spam mails bearing caption "Mail -Lost/Missing package" while posing as getting sent from the postal service firm Royal Mail Group situated in UK.

The spam mail shows a spoofed id of Royal Mail Group, while chiefly targets owners of co.uk domain. It begins with Mail -Lost/Missing package -UK Customs and Border Protection and proceeds to tell the recipient that Royal Mail recently held back his parcel for reasons like absence of one proper statement-of-sale, invoice, alternatively more necessary documents; one probable violation of trademark; else because the parcel needs one formal entry. The parcel is held at the RM International Mail Branch, which shall inform him about the reason as also the way he can get his parcel back. Meanwhile, he's requested to complete the documents given in an attachment.

The attachment contains one zipped archive labeled Royal-Mail_B0AE39A385.zip while there's one big PDF inside it. However, it delivers the Trojan called Mal/Generic-S, Heuristic.BehavesLike.Win32.Suspicious-BAY.K or Trojan.DownLoader9.22851.

Soon as this Trojan infects any computer, it starts one fresh process, creeps into Windows registry so it may remain permanently on the system, as well as alters firewall policies. It also filches credentials related to Web-browsers and File Transfer Protocol (FTP) clients.

The threat reportedly, became detectible through 4 of VirusTotal's AV solutions.

However, for safeguarding oneself from the above kind of threats, one must ensure he doesn't click web-links else view attachments sent through unsolicited e-mails. Incase he knows Royal Mail alternatively any other courier firm will be sending him something he must ensure the attachment isn't zipped, while the web-links lead onto the authorized site. Further, he must update all of his software programs while run an AV scan on his system.

Meanwhile, in a similar exploitation of postal service brand on the Internet, the United States Postal Service (USPS), during August 2013, was spoofed in spam mails with subject line "Postal label contains detailed information" that told recipients about certain difficulty getting their parcels delivered while directed that they should open a given attachment which actually infected the system with Trojan-Dropper.Win32.Dapato.bcbf.

» SPAMfighter News - 12/11/2013