AppRiver researcher Jonathan French reported uncovering the scam, warning that the criminals have already sent over half a million emails using 116 different compromised domains. French said the bogus UPS invoices are loaded with a malicious link to one of the compromised sites, which when clicked infects the victim's machine with malware.
French wrote: "This morning a malware campaign started coming in as fake UPS invoice emails. The messages looked legitimate in their formatting with a standard UPS email. Every link in the message, however, took the user to a compromised website."
"The URLs themselves used a similar formatting after the compromised domain name, usually including some variation of the UPS domain name in them. The threat is a Kryptik Trojan that is placed using a Java exploit. After clicking on one of the links, the user will be brought to a page telling them they are being redirected. From there, the Java exploit begins and the malware gets installed."
The campaign is one of many phishing scams using the UPS brand to dupe web users. A similar scam was detected in September 2012; that campaign targeted Apple fans with bogus emails masquerading as iPhone 5 UPS delivery notifications on the eve of the smartphone's launch.
French said the attacks can be mitigated if employees use common sense and follow basic best practice when using their company email.
"It's always good practice to be cautious of unexpected emails from large retailers or service providers. Most browsers will also show you link URLs in the bottom of the browser windows if you hover over a link without clicking it," he wrote.
"If the URL is taking you to an unknown site or one that does not belong to the email sender, that is usually a red flag that there may be something malicious going on."
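The hover check French describes can also be run automatically over a message body during mail triage. The following is an added example, not code from AppRiver or the original article; it assumes the legitimate sender domain is ups.com, and the function names and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

def belongs_to(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def suspicious_links(html_body, sender_domain, brand):
    """Return (url, reason) for each web link that leaves the sender's domain."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for url in collector.hrefs:
        parts = urlsplit(url)
        host = parts.hostname or ""
        if parts.scheme not in ("http", "https") or belongs_to(host, sender_domain):
            continue
        # A brand name after a foreign host matches the URL pattern the article describes.
        rest = (parts.path + "?" + parts.query).lower()
        reason = "brand-in-path" if brand.lower() in rest else "foreign-host"
        findings.append((url, reason))
    return findings

# Constructed sample message; the example.* hosts are placeholders, not campaign indicators.
SAMPLE = """
<a href="https://www.ups.com/track?num=1Z999">Track</a>
<a href="http://compromised.example.net/ups.com/invoice.html">View invoice</a>
<a href="http://www.ups.com.example.org/login">My account</a>
"""

if __name__ == "__main__":
    for url, reason in suspicious_links(SAMPLE, "ups.com", "ups"):
        print(reason, url)
```

The third sample link shows why the comparison is made on the end of the hostname: a host that merely starts with the brand's domain still belongs to someone else.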