On July 15, we sent out a Security Advisory including Generic Downloader.ab (MTIS08-131-A). This covered a Trojan variant that was mass spammed, purporting to be a UPS invoice. Since then we’ve seen a number of subsequent mass spammings carrying new variants of Spy-Agent.bw. The email message content is similar to the original spam:
———————————-
From: “United Parcel Service”
Subject: [RE] UPS Tracking Number [number]
Body:
Unfortunately we were not able to deliver postal package you sent on July the 1st in time because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office
Your UPS
Attachment: UPS_INVOICE_[number].zip or invoice_[number].zip
———————————-
Over the past 24 hours we’ve seen other spam runs from “Customs Service” with the attachment “Tax_invoice.zip” as well as “Bill_Tax.zip” attachments from “US Customs Service” and “Rechnung.zip” from “WG: Lastschrift [number]“. The zip attachments contain .EXE files. In order for infection to occur users must open the attached ZIP and then choose to run the executables manually.
Product coverage is being updated for new malware variants as necessary and a follow-up security advisory will be sent soon.
These spam runs may continue over the next few days. Avert Labs reminds readers to practice safe computing, and never to open unexpected email attachments or follow unexpected URLs, especially from unfamiliar senders.
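A mail-gateway style check for the pattern described above (a ZIP attachment that carries an executable), as an added example that is not part of the original advisory or of any McAfee product. The extension list, the function names and the sample message are assumptions constructed here.

```python
import email
import io
import os
import zipfile
from email.message import EmailMessage

# Assumed policy list of extensions Windows runs directly; extend as needed.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com"}

def risky_zip_members(raw_message: bytes) -> dict:
    """Map each ZIP attachment name to the executable members it contains."""
    msg = email.message_from_bytes(raw_message)
    findings = {}
    for part in msg.walk():
        name = part.get_filename()
        if not name or not name.lower().endswith(".zip"):
            continue
        payload = part.get_payload(decode=True) or b""
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            # Corrupt or disguised archive: flag it rather than let it pass.
            findings[name] = ["<unreadable archive>"]
            continue
        # Only the final extension counts, so "invoice.doc.exe" is caught.
        hits = [m for m in members
                if os.path.splitext(m)[1].lower() in EXECUTABLE_EXTS]
        if hits:
            findings[name] = hits
    return findings

def build_sample() -> bytes:
    """Constructed message: harmless bytes named like the lure attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("UPS_INVOICE_000000.doc.exe", b"not a real executable")
    msg = EmailMessage()
    msg["From"] = '"United Parcel Service" <sender@example.invalid>'
    msg["Subject"] = "[RE] UPS Tracking Number 000000"
    msg.set_content("Please print out the invoice copy attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="UPS_INVOICE_000000.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(risky_zip_members(build_sample()))
```

Because the check looks inside the archive rather than at a signature, it flags a new variant on the day it arrives, independent of DAT coverage.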
I’ve been seeing these daily now, and each time McAfee has not detected it until the next day or day after. We really do need to move to a formal twice-daily DAT release so this sort of thing can be picked up.
Today I received the following e-mail similar to the one Jeanne Ross received. It contained an attachment, supposedly with an e-ticket (which I had not ordered); of course I did not open the attachment:
Good day,
Thank you for using our new service “Buy flight ticket Online” on our website.
Your account has been created:
Your login: info healingtaoinstitute com
Your password: passC4WR
Your credit card has been charged for $467.08.
We would like to remind you that whenever you order tickets on our website you get a discount of 10%!
Attached to this message is the purchase Invoice and the flight ticket.
To use your ticket, simply print it on a color printed, and you are set to take off for the journey!
Kind regards,
Dave Holbrook
Southwest Airlines
I agree with the amount of DATs that are released. It def needs to be done over the weekend and once a day just doesn’t cover it in this sort of scenario.
We had a couple of the UPS ones come in and it wasn’t until the next day till McAfee detected it. By then it was different ones coming in (customs I think it was).
Yeah, McAfee have been slow to get these detections into the DATs. Doing one DAT per workday is so 1990s. McAfee needs to start pushing out two per day, 7 days a week.
I received one of the UPS e-mails on Tuesday, and today I received a similar e-mail purporting to be from Delta Airlines. It also has a .zip attachment (E-ticket_N7399294.zip) and says:
Good day,
Thank you for using our new service “Buy flight ticket Online” on our website.
Your account has been created:
Your login: Assistant
Your password: passUTNH
Your credit card has been charged for $434.62.
We would like to remind you that whenever you order tickets on our website you get a discount of 10%!
Attached to this message is the purchase Invoice and the airplane ticket.
To use your ticket, simply print it on a color printed, and you are set to take off for the journey!
Kind regards,
Celeste Humphrey
Delta Air Lines
AVERT were pretty slow with providing detections for these new variants. Any chance you can speed things up?