'Shipping confirmation' malware.

Filed Under: Malware, SophosLabs

On the surface things would appear to have been fairly quiet so far today. Not too many samples requiring attention and not much in the way of new, aggressive spam campaigns. But in terms of malware distribution, today has just been business as usual. Thankfully proactive detections are thwarting the attackers' efforts.

The mass-spamming of Bredo variants has continued all morning, with the messages now using a shipping confirmation theme, an evolution of the earlier DHL and UPS lures.

The message within the spam entices the recipient to open the ZIP attachment, for example:

Thankfully, Sophos customers are protected from this threat - in addition to blocking the messages as spam, the malware itself is proactively detected (as Mal/Bredo-A, Mal/BredoZp-A and Troj/BredoZp-C).

If the malware were to be executed on an unprotected machine, it proceeds to report home for further commands. This 'callhome' would be blocked for customers running the Sophos web appliance - the remote site is already known and classified as a known C&C point. Job done.
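The lure described above (a shipping-themed message carrying a ZIP that wraps an executable) is the kind of thing a mail gateway can flag before any signature exists. The following is an added example, not SophosLabs code: it parses a constructed sample message with the Python standard library and quarantines it when a delivery-themed subject and an executable inside a ZIP attachment appear together. The lure word list, the sample addresses and the harmless stub payload are all assumptions.

```python
import io
import zipfile
from email import policy
from email import message_from_bytes
from email.message import EmailMessage

# Constructed sample: a "shipping confirmation" lure carrying a ZIP that
# wraps an executable. The payload is a harmless stub, not real malware.
def _build_sample() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Shipping_Label.exe", b"MZ stub")
    msg = EmailMessage()
    msg["Subject"] = "Shipping confirmation #48211"
    msg["From"] = "noreply@example.invalid"
    msg["To"] = "user@example.invalid"
    msg.set_content("Your package details are in the attached file.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Shipping_Label.zip")
    return msg.as_bytes()

# Assumed lure vocabulary (the page mentions shipping, DHL and UPS themes).
LURE_WORDS = ("shipping", "delivery", "parcel", "tracking", "dhl", "ups")
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def flag_message(raw: bytes) -> dict:
    """Return lure/attachment findings and a quarantine-or-pass verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").lower()
    lure = any(w in subject for w in LURE_WORDS)
    suspicious = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Check by magic bytes too, so a renamed .zip is not missed.
        if not name.endswith(".zip") and not data.startswith(b"PK"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = [n for n in zf.namelist()
                           if n.lower().endswith(EXEC_EXT)]
        except zipfile.BadZipFile:
            members = ["<unreadable zip>"]  # treat damaged archives as suspect
        if members:
            suspicious.append((name, members))
    return {"lure_subject": lure, "exec_in_zip": suspicious,
            "verdict": "quarantine" if lure and suspicious else "pass"}

SAMPLE = _build_sample()

if __name__ == "__main__":
    print(flag_message(SAMPLE))
```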
