Royal Mail malware attack distributed via email

It’s wise to be wary when it comes to unsolicited email, even when the email appears to come from a legitimate organisation.

Today we’re warning internet users to be careful not to be tricked into opening attachments that have been spammed out, posing as communication from the British Royal Mail.

A typical email reads:

Royal Mail Group Shipment Advisory

The following 1 piece(s) have been sent via Royal Mail on Mon, 20 Aug 2012 15:43:14 +0530, REF# 5646597645

SHIPMENT CONTENTS: Documents

SHIPPER REFERENCE: PLEASE REFER TO ATTACHED FILE

ADDITIONAL MESSAGE FROM SHIPPER: PLEASE REFER TO ATTACHED FILE

Royal Mail Group Ltd 2012. All rights reserved

It should go without saying that the emails are not connected with the real Royal Mail in any way, despite them appearing to arrive from noreply@royalmail.com and containing the Royal Mail’s logo.

The cybercriminals who have distributed the attack are hoping that your curiosity will be piqued, and you will be tempted to open the attached ZIP file in the mistaken belief that a parcel is winging its way to you.

Contained within, however, is not a Royal Mail shipping advisory but a file called royal_mail_shipping.exe, detected by Sophos as the Troj/Backdr-HE Trojan horse.

The technique of disguising a malware attack as an email from a delivery company is nothing new, of course. Many internet users will be aware of the attacks we have seen in the past that have pretended to come from the likes of DHL, FedEx and USPS for example.

Chances are that this malware attack is less likely to be as successful as those which abuse the names of global delivery companies, but there is always the danger that some people will click without thinking and have their computers infected as a result.

British post box image from Shutterstock.