Parcel service UPS, which has a presence in SA, is being abused in the latest attempt by cyber-criminals to download malware onto computers.
Security vendor Panda Security says its laboratory has detected the appearance of a series of e-mails spoofing the parcel service to spread the Agent.JEN Trojan.
These messages, with subjects like "UPS packet N3621583925", purport to come from the parcel delivery company. The message body informs the recipient that it was impossible to deliver a postal package sent by them and advises them to print out a copy of the attached invoice copy.
The invoice is included in an attached ".zip" file that contains an executable file disguised as a Microsoft Word document with names like "UPS_invoice". However, if the targeted user runs the file, it will introduce a copy of the Trojan into the computer.
The malicious code copies itself to the system, replacing the Userinit.exe file in the Windows operating system. This file runs the Internet Explorer browser, the system interface and other essential processes. For the computer to continue working properly and in order to avoid raising suspicion of the infection, the Trojan copies the system file to another location under the name userini.exe.
"This stealthy behaviour is symptomatic of the current malware dynamic: cyber-crooks are no longer interested in fame or notoriety; they are out to get financial returns as silently as possible," says Jeremy Matthews, head of Panda Security's sub-Saharan operations.
Once downloaded, Agent.JEN connects to a Russian domain - already used by other banker Trojans - and uses it to send a request to a German domain to download a rootkit and adware.
Related stories:
Trojans two-thirds of new malware
Quiet before the storm?
Share