12345

4/30/2012

[Caution] Malicious files disguising as sent logistics services companies


1. Introduction


INCA Internet response team found malicious file disguised as sent from UPS(United Parcel Service).
The contents of e-mail is disguised as an invoice though, it actually delivered 2 malicious files.
Users need to careful on spreading malicious attachment on e-mail or similar security threats.



2. Spreading cases

[Caution] Spreading malicious file with modulated Zeus bot Unicode

[Caution] Detected malicious files disguised as online hotel reservation

Attackers are precisely manipulating to induce users.
Sender, title of email, the name of attachment on e-mail, and its body are being looked like real.


Attached "UPS-Delivery-Confirmation-Alert_April-2012_T2AD5RZR98.zip" contains malicious files.


It contains 2 malicious Zbot Trojans. Once infected, various damage cases can be happen including leaking personal information or being infected by additional malicious files.

3. Summary

Users need to be careful on checking mail box. Especially, executable file(EXE, SCR, COM)s and document files(DOC, TXT, PDF, HWP, XLS, PPT) have great possibility of malicious files. To use PC safely from security threats of these malicious attachments, we recommend you download latest security updates and obey following "Security management tips" for general users.

Security management tips

1. Maintain the latest security update on OS and applications
2. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function.
3. Do not see and download attached file from suspicious e-mail.
4. Keep caution to link from instant messenger and SNS.

INCA Internet (Security Response Center / Emergency Response Team) runs responding system against various security threats.

No comments:

Post a Comment