Thursday, 26 June 2014

USPS Express "Parcel Invoice" spam

This fake USPS spam is pretty Old School in its approach:

Date:      Thu, 26 Jun 2014 06:19:42 -0700 [09:19:42 EDT]
From:      USPS Express [notice@uspc.com]
Reply-To:      no-reply@uspc.com
Subject:      Parcel Invoice

Dear Client,

A parcel was sent to our office for you and we have tried to deliver it several times to your address on file.

Attached is the receipt used in sending you the parcel. We advise you to download and reconfirm the address on receipt if its your valid address.

View Receipt Here

Thanks for your cooperation.

Priority Mail Express
USPS.


The link in the email I had was broken, but was attempting to redirect to:
[donotclick]kadoi.gr/shopfine/redir.php
and from there to:
[donotclick]cascadebulldogrescue.org/xmlrpc/invoice.zip

This .zip file contains a malicious executable, invoice.com (a .com file... that really is old school), which has a VirusTotal detection rate of 29/54. The Malwr report shows an attempted connection to klempfrost.zapto.org on 199.21.79.114 (Internap, US). Other automated analysis tools are less conclusive [1] [2].
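As an added example (not part of the original post or of any tool it cites), here is a mail-gateway style check that opens a zip attachment and flags members Windows would execute, such as the invoice.com inside invoice.zip. The function names, the extension list and the sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import zipfile

# Extensions Windows runs directly; ".com" is the one this campaign used.
# The list is an illustrative assumption, not an exhaustive policy.
EXECUTABLE_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}


def risky_members(zip_bytes):
    """Return (name, reason) for each archive member Windows would execute."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = posixpath.splitext(name)[1].lower()
            magic = b""
            # Encrypted members cannot be read; fall back to the name alone.
            if not info.flag_bits & 0x1:
                with zf.open(info) as fh:
                    magic = fh.read(2)
            if magic == b"MZ":
                # DOS/PE header: loaded as an EXE whatever the extension says.
                findings.append((name, "MZ header"))
            elif ext in EXECUTABLE_EXTS:
                findings.append((name, "executable extension " + ext))
    return findings


def build_sample(members):
    """Build a constructed in-memory zip from {name: bytes}; harmless data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed stand-in for the attachment, not the real sample.
    sample = build_sample({
        "invoice.com": b"MZ" + b"\x00" * 62,
        "readme.txt": b"Parcel receipt",
    })
    for name, reason in risky_members(sample):
        print(f"BLOCK {name}: {reason}")
```

Checking the first two bytes as well as the extension catches an executable that has been renamed to something innocuous inside the archive.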

Recommended blocklist:
199.21.79.114
kadoi.gr
cascadebulldogrescue.org
klempfrost.zapto.org
