Starbuck Posted September 28, 2010

Security researchers from Vietnamese security vendor Bkis warn of a new wave of spam emails distributing the Oficla trojan, which pose as package delivery failure notifications from the United States Postal Service (USPS).

The rogue messages come with a subject of "USPS Delivery Problem NR#######" (where # is a random digit) and have a spoofed From field to appear as originating from a federal@usps.com address.

What sets these emails apart from other Oficla distribution campaigns is the use of an image instead of plain text to deliver the message. This technique attempts to trick simple anti-spam filters. The image shows the logo of the United States Postal Service and an unusually well-formulated message that reads:

http://img.photobucket.com/albums/v708/starbuck50/Fake-United-States-Postal-Service-Emails-Distribute-Oficla-Trojan-2.jpg

"Unfortunately we failed to deliver the postal package you have sent on the 19th of September in time because the recipient's address is erroneous.

"Please print out the shipment label attached [USPSLabel.doc] and collect the package at our office."

The attachment is actually called USPSLabelDoc.zip and contains a variant of the Oficla trojan downloader, which as of today has only a 32.6% detection rate on VirusTotal.

According to Nguyen Van Sao, malware researcher at Bkis, the trojan drops a file called bfky.ojo in the system32 folder and adds it to the [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell] registry key in order to start on each system reboot.

Oficla, also called Sasfis by some vendors, is a family of downloader-type trojans, which are commonly used as a distribution platform for other malware; rogue antivirus programs in particular.

Source: Fake United States Postal Service Emails Distribute Trojan Downloader - Softpedia

Member of: UNITE
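The Winlogon Shell value the post describes is a comma-separated list of programs Winlogon starts at logon; the stock value is just "explorer.exe", so any extra entry there is worth a look. The following added example (not from the post or from Bkis) parses a Shell value and reports the extra entries, and on Windows reads the live HKLM and HKCU values; the sample values and the path to bfky.ojo are constructed, the file name comes from the post.

```python
"""Audit the Winlogon Shell value for entries other than explorer.exe."""
import ntpath
import sys

# Subkey under both HKLM and HKCU; the HKCU copy, if present, is honoured too.
WINLOGON_SUBKEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
EXPECTED_SHELL = "explorer.exe"


def suspicious_shell_entries(shell_value):
    """Return every entry in a Shell value that is not the stock explorer.exe.

    Entries are compared case-insensitively after stripping whitespace and
    surrounding quotes, so a fully qualified path to explorer.exe is still
    accepted, while any other program (whatever its extension) is reported.
    ntpath is used so Windows-style paths are split correctly on any OS.
    """
    found = []
    for raw in shell_value.split(","):
        entry = raw.strip().strip('"')
        if not entry:
            continue
        if ntpath.basename(entry).lower() == EXPECTED_SHELL:
            continue
        found.append(entry)
    return found


def audit_live_registry():
    """On Windows, read Shell from HKLM and HKCU and report extra entries.

    Returns {hive name: [suspicious entries]}; an absent key or value (normal
    for HKCU) yields an empty list. On non-Windows hosts returns {}.
    """
    results = {}
    if sys.platform != "win32":
        return results
    import winreg
    for hive_name, hive in (("HKLM", winreg.HKEY_LOCAL_MACHINE),
                            ("HKCU", winreg.HKEY_CURRENT_USER)):
        try:
            with winreg.OpenKey(hive, WINLOGON_SUBKEY) as key:
                value, _ = winreg.QueryValueEx(key, "Shell")
        except OSError:
            value = ""
        results[hive_name] = suspicious_shell_entries(value)
    return results


# Constructed sample values (not captured from an infected host). The stock
# value, and the shape an appended persistence entry would take; the system32
# location is from the post, the exact path layout is an assumption.
CLEAN_SHELL = "explorer.exe"
TAMPERED_SHELL = r"explorer.exe,C:\WINDOWS\system32\bfky.ojo"

if __name__ == "__main__":
    for label, value in (("clean", CLEAN_SHELL), ("tampered", TAMPERED_SHELL)):
        print(f"{label}: {suspicious_shell_entries(value)}")
    for hive, extras in audit_live_registry().items():
        print(f"{hive} Shell extra entries: {extras}")
```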
Jelly Bean Posted September 28, 2010 Very similar to this has been going around for some time now. Asking to download an attached file and then you're infected when you do. I'm trying my best......................
Starbuck Posted September 28, 2010 "Very similar to this has been going around for some time now." That's right, it's becoming all too common now. Member of: UNITE
Jelly Bean Posted September 28, 2010 I should really make a thread when I spot these things. All this free FarmVille free cash offer is all a con too. People being hacked and infected. The free FV offer is a hoax and is nothing to do with Facebook. I'm trying my best......................