PandaLabs, Panda Security's anti-malware laboratory, has detected a new campaign that may compromise user security. This new email scam, which coincides with the holiday shopping season, involves a fake FedEx delivery message aimed at tricking users into downloading the Kuluoz.A computer worm and a fake antivirus program called "System Progressive Protection."
The spam message purports to come from FedEx. You can see an example here: http://press.pandasecurity.com/wp-content/uploads/2012/12/FEDEX.jpg
The message contains a link to download a 'receipt' for the user to collect the package that has supposedly been delivered to them. If the user clicks the link, they are taken to a Web page which downloads a .zip file named "Postal Receipt." This file contains an executable file with a Word icon that downloads a variant of the Kuluoz.A worm, which then tries to connect to a remote server to receive commands from attackers and perform several malicious actions on the affected computer, including running files.
Once run, the worm opens the notepad, displaying a blank page to make users believe they are running a legitimate file. In addition, it downloads a fake antivirus program called "System Progressive Protection," which simulates a computer scan. The scan reports a number of infections, and prompts the user to buy the antivirus to remove them. However, this is just a scam aimed at stealing victims' money as none of the reported infections are real, nor is the 'antivirus software.'
A screenshot is available at: http://press.pandasecurity.com/wp-content/uploads/2012/12/System-Progressive-Protection.jpg.
"With the holiday season well underway, cyber-criminals are leveraging this time of the year to spread malicious emails aimed at tricking users and stealing their money," said Luis Corrons, technical director of PandaLabs.
"Once again, cyber-crooks are using social engineering techniques to spread malware," explained Corrons. "Even if users haven't purchased anything and aren't waiting for a delivery, they are curious by nature and keep falling into this type of trap. Holiday seasons like Christmas usually bring an increase in online shopping and present criminals with the opportunity to target a larger than usual number of victims."
PandaLabs advises users against clicking any links included in email messages or running attached files that come from unknown sources. In addition, consumers should have an effective security solution installed capable of detecting both known and new malware strains, like cloud-based Panda Cloud Antivirus, available for free at www.cloudantivirus.com.
Most Popular Stories
- SEO Traffic Lab Celebrate Wins at Digital Marketing Event 'Internet World 2013' in London
- Social Media Initiatives Should Follow Customers' Lead
- Apple CEO: Offshore Units Not a 'Tax Gimmick'
- U.S. Senate Accuses Apple of Large-scale Tax Avoidance
- UTEP Water Recycling Project Wins Venture Titles
- Marketo Makes a Mint in IPO: Stock Shoots Up More than 50 Percent
- Bieber Booed at Billboard Awards
- Crude Oil Up, Gasoline Down
- Austin Startup Compare Metrics Raises $3.5 Million for Expansion
- Why So Many Top 'Car Guys' Are Actually Women