Malware Hiding inside Files Attached to USPS Spam

USPSDid you get an email from “USPS Mail” saying that they couldn’t deliver your package and you’ll have to retrieve it within 30 days to avoid penalty fees?

Cybercriminals are giving USPS impersonations another shot in order to plant malware on unsuspecting user machines, and unless the recipient’s computer is protected by 1 of the 7 antivirus programs that are capable of detecting the malware attached to the email, their efforts will definitely not be in vain.

The USPS spam messages, titled “Postal label contains detailed information” follow the typical USPS spam protocol, telling the user that there was a problem delivering a package and instructing them to download an attached file (in this case, Label_Parcel_ID2564US.zip) that supposedly contains the shipping label required to rectify the problem.

Here’s a copy of the USPS spam email:

USPS Postal Label Spam

Notification,

Our company’s courier couldn’t make the delivery of parcel.

Reason Postal code contains an error.
LOCATION OF YOUR PARCEL:KnoxvilleFort
DELIVERY STATUS: sort order
SERVICE: One-day Shipping
NUMBER OF YOUR PARCEL:U746093294 NU
FEATURES: No

Label is enclosed to the letter.
Print a label and show it at your post office.

An additional information:

If the parcel isn’t received within 30 working days our company will have the right to claim compensation from you for it’s keeping in the amount of $8.26 for each day of keeping of it.

You can find the information about the procedure and conditions of parcels keeping in the nearest office.

Thank you for using our services.
USPS Global.

Label_Parcel_ID2564US.zip VirusTotal Scan ResultsShould the recipient make the mistake of downloading and opening the file attached, their computer will become infected with an elusive piece of malware that Kaspersky identifies as Trojan-Dropper.Win32.Dapato.bcbf.

One alarming thing discovered about this piece of malware is that according to the scan report from VirusTotal, only 7/42 antivirus applications are capable of detecting Trojan-Dropper.Win32.Dapato.bcbf. Only computers running antivirus by F-Prot, TrendMicro (or TrendMicro Housecall), ClamAV, Kaspersky, Dr. Web, Commtouch will be spared from infection.

What to Do with USPS Spam

If you receive the email outlined above or another one like it (USPS spam is quite common) then it’s strongly recommended that you do the following:

  • Avoid downloading or opening any attached files. (Don’t click on any links within the email either.)
  • Delete the email immediately.

Have you received this USPS spam variant? There are a few of them floating around out there. Feel free to share your experience below!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

This entry was posted in Computer Security, malware, phishing, spam and tagged , , , , , .
Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL.

© 2014 Hyphenet, Inc.
1761 Hotel Circle S, Suite 350, San Diego, CA 92108

All rights reserved. Reproduction in whole or in part in any form or medium without express written permission is prohibited.

Hyphenet IT Security Blog located at 1761 Hotel Circle South, Suite 350 , San Diego, CA . Reviewed by 91 customers rated: 3.8 / 5