Computer Worm Uses Fake FedEx Delivery Notification Emails to Infect PCs, Warns PandaLabs Fake delivery message takes advantage of holiday shopping season, contains Kuluoz worm and bogus antivirus program
ORLANDO, Fla., Dec. 5, 2012 /PRNewswire/ -- PandaLabs, Panda Security's anti-malware laboratory, has detected a new campaign that may compromise user security. This new email scam, which coincides with the holiday shopping season, involves a fake FedEx delivery message aimed at tricking users into downloading the Kuluoz.A computer worm and a fake antivirus program called "System Progressive Protection."
The spam message purports to come from FedEx. You can see an example here: http://press.pandasecurity.com/wp-content/uploads/2012/12/FEDEX.jpg
The message contains a link to download a 'receipt' for the user to collect the package that has supposedly been delivered to them. If the user clicks the link, they are taken to a Web page which downloads a .zip file named "Postal Receipt." This file contains an executable file with a Word icon that downloads a variant of the Kuluoz.A worm, which then tries to connect to a remote server to receive commands from attackers and perform several malicious actions on the affected computer, including running files.
Once run, the worm opens the notepad, displaying a blank page to make users believe they are running a legitimate file. In addition, it downloads a fake antivirus program called "System Progressive Protection," which simulates a computer scan. The scan reports a number of infections, and prompts the user to buy the antivirus to remove them. However, this is just a scam aimed at stealing victims' money as none of the reported infections are real, nor is the 'antivirus software.'
A screenshot is available at: http://press.pandasecurity.com/wp-content/uploads/2012/12/System-Progressive-Protection.jpg.
"With the holiday season well underway, cyber-criminals are leveraging this time of the year to spread malicious emails aimed at tricking users and stealing their money," said Luis Corrons, technical director of PandaLabs.
"Once again, cyber-crooks are using social engineering techniques to spread malware," explained Corrons. "Even if users haven't purchased anything and aren't waiting for a delivery, they are curious by nature and keep falling into this type of trap. Holiday seasons like Christmas usually bring an increase in online shopping and present criminals with the opportunity to target a larger than usual number of victims."
PandaLabs advises users against clicking any links included in email messages or running attached files that come from unknown sources. In addition, consumers should have an effective security solution installed capable of detecting both known and new malware strains, like cloud-based Panda Cloud Antivirus, available for free at www.cloudantivirus.com.
Since 1990, PandaLabs, Panda Security's malware research laboratory, has been working to detect and classify malware in order to protect consumers and companies against new Internet threats. To do so, PandaLabs uses Collective Intelligence, a cloud-based proprietary system that leverages the knowledge gathered from Panda's user community to automatically detect, analyze and classify the more than 73,000 new malware strains that appear every day. This automated malware classification is complemented through the work of an international team with researchers specialized each in a specific type of malware (viruses, worms, Trojans, spyware and other attacks) to provide global coverage. Get more information about PandaLabs and subscribe to its blog news feed at http://www.pandalabs.com. Follow Panda on Twitter at http://twitter.com/Panda_Security and Facebook at http://www.facebook.com/PandaUSA.
SOURCE Panda Security