Mac and Windows users targeted with malicious "Failed delivery" emails
Posted on 21.01.2014
A widespread malware delivery campaign in the form of fake "undelivered courier item" emails is targeting both Windows and OS X users, warns Sophos.

The emails in question impersonate a series of existing courier brands such as DHL, FedEx, and the UK Royal Mail, but these malware peddlers have also thought about creating an imaginary service as well, and to create a website for it.

The contents of the emails are nothing new - the potential victim is told that the service is having trouble delivering them a package, and that they should get in touch after checking out the parcel document via a link contained in the email:


Despite the clumsy wording of the email, there are those who will fall for the trick, especially when the cyber crooks use personal information they might have collected or bought from other scammers.

Clicking on the offered link will lead the victims to a website set up by the attackers, which is able to detect whether the visitor uses a mobile browser, Safari, or another desktop browser.

In the first instance, the server delivers an error message, and the user is safe. But if he or she uses a desktop browser, the page serves malware for download.

In the case of desktop browsers which are not Safari, the user is urged to download a ZIP file pretending to be a document with the parcel information, but actually contains an information-stealing Trojan similar to the infamous Zeus malware.

If the user surfs the Internet with Safari, visiting the page will trigger an automatic download of a ZIP file that apparently contains a PDF file. But if the user runs it, OS X detects it for what it really is: a piece of software.


If that is not enough for the user to become suspicious, and he or she ultimately decides to run it, nothing seemingly happens.

But in the background, the malware ("LaoShu") has been installed and begins working.

"LaoShu-A as good as hands control of your Mac over to the attackers, but its primary functions appear to be more closely associated with data stealing than with co-opting you into a traditional money-making botnet," explains Paul Ducklin.

"In other words, the attackers seem more concerned with digging around on your computer for what they can steal than with abusing your computer and your internet connection to aid and abet other cybercriminal activities."

The malware is interested in collecting Word, Excel and Powerpoint files and exfiltrate them to a server run by the attackers, as well as in downloading additional malware that will take screenshots and send them to the server.









Spotlight

How security analytics help identify and manage breaches

Posted on 30 July 2014.  |  Steve Dodson, CTO at Prelert, illustrates the importance of security analytics in today's complex security architectures, talks about the most significant challenges involved in getting usable information from massive data sets, and much more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Jul 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //