Zero Day

Ryan Naraine and Dancho Danchev

Spamvertised 'Cancellation of the package delivery' emails serving malware

By | October 19, 2011, 2:11am PDT

Summary: Security researchers from Sophos have intercepted a currently spamvertised malware campaign, impersonating the Royal Mail office.

Spamvertised subjects include:

  • Error in the delivery address No30173
  • You should come to the Royal Mail office and receive a package
  • Track your shipment No24127
  • Cancellation of the package delivery
  • Track your parcel No9782
  • A package is available for reception
  • Get your parcel No083
  • Error in the delivery address No40046009
  • Error in the delivery address No0633376
  • Delivery Problem
  • Royal Mail Delivery information

Spamvertised message:

Dear customer.
A courier did not deliver the package to your address.
Reason: The package is too large
Information about your package is attached to the letter.
Read all information carefully and come to the “Royal Mail” office to receive your package.
Thank you for your attention.
Royal Mail Service.

In this campaign, cybercriminals are enticing end users into downloading and executing a malicious .ZIP attachment currently detected as Mal/BredoZp-B and Mal/EnckPK-AAT (MD5: 6bd53a62c768f7ce8663310ed404b89c).

Users are advised not to interact with suspicious emails, or spam emails in general.
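For mail administrators, the indicators above can be turned into a triage check. The following Python code is an added example, not from Sophos or the original article: it reports a subject match, the presence of a ZIP attachment, and an MD5 match as three separate signals. The function names, the `known` parameter and the sample message are assumptions made for illustration.

```python
import hashlib, io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# MD5 from the article. The page does not say whether it covers the ZIP or the
# file inside it, so the attachment and every archive member are hashed.
KNOWN_MD5 = {"6bd53a62c768f7ce8663310ed404b89c"}

# Subjects from the article; the varying "No<digits>" suffix is generalized.
SUBJECT_RE = re.compile(
    r"^(?:error in the delivery address|track your (?:shipment|parcel)"
    r"|get your parcel)\s+no\s*\d+$"
    r"|^(?:you should come to the royal mail office and receive a package"
    r"|cancellation of the package delivery|a package is available for reception"
    r"|delivery problem|royal mail delivery information)$", re.IGNORECASE)

def md5s(data):
    """MD5 of a blob plus, when it is a readable ZIP, of each member."""
    out = {hashlib.md5(data).hexdigest()}
    if data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                out |= {hashlib.md5(zf.read(n)).hexdigest() for n in zf.namelist()}
        except (zipfile.BadZipFile, RuntimeError):  # corrupt or encrypted
            pass
    return out

def triage(raw, known=KNOWN_MD5):
    """Return the three independent signals for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = " ".join(str(msg.get("Subject", "")).split())
    blobs = [p.get_payload(decode=True) or b"" for p in msg.walk() if p.get_filename()]
    return {"subject_match": bool(SUBJECT_RE.match(subject)),  # weak alone
            "zip_attached": any(b[:4] == b"PK\x03\x04" for b in blobs),
            "hash_match": any(md5s(b) & set(known) for b in blobs)}

def sample_message():
    """Constructed, harmless sample: a listed subject and a benign ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("info.txt", "constructed test content")
    m = EmailMessage()
    m["Subject"], m["To"] = "Track your parcel No9782", "user@example.test"
    m.set_content("Constructed body text.")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename="info.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(sample_message()))
```

A subject such as "Delivery Problem" is common in legitimate mail, so the subject signal is best used together with the attachment signal, and a single MD5 only catches the exact file Sophos observed.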

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.
