Sophos


‘Shipping confirmation’ malware.

On the surface, things would appear to have been fairly quiet so far today: not many samples requiring attention and not much in the way of new, aggressive spam campaigns. In terms of malware distribution, though, today has been business as usual. Thankfully, proactive detections are thwarting the attackers’ efforts.

The mass-spamming of Bredo variants has continued all morning; the messages now use a shipping-confirmation theme, evolving from the earlier DHL and UPS messaging.

The message within the spam entices the recipient to open the ZIP attachment, for example:

Thankfully, Sophos customers are protected from this threat - in addition to blocking the messages as spam, the malware itself is proactively detected (as Mal/Bredo-A, Mal/BredoZp-A and Troj/BredoZp-C).

If the malware were to be executed on an unprotected machine, it proceeds to report home for further commands. This ‘callhome’ would be blocked for customers running the Sophos web appliance - the remote site is already known and classified as a C&C point. Job done.
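As an added illustration (not code from the original post or from Sophos), the following Python check flags the delivery pattern described above: a mail with a ZIP attachment whose contents are executable. The sample message, sender addresses and file names are constructed for the example.

```python
import email
import email.policy
import io
import zipfile
from email.message import EmailMessage

# File types that should never arrive inside a "shipping confirmation" ZIP.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def build_sample_message(inner_name: str = "Shipping_Confirmation.exe") -> bytes:
    """Construct a sample lure mail carrying a ZIP attachment (constructed, harmless bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Placeholder content standing in for the attachment; not real program code.
        zf.writestr(inner_name, b"MZ" + b"\x00" * 16)
    msg = EmailMessage()
    msg["Subject"] = "Shipping confirmation"
    msg["From"] = "noreply@example.invalid"  # constructed address
    msg["To"] = "user@example.invalid"       # constructed address
    msg.set_content("Your parcel could not be delivered. Print the attached label.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Shipping_Confirmation.zip")
    return msg.as_bytes()


def find_executables_in_zip_attachments(raw: bytes) -> list[str]:
    """Return 'attachment:member' for every executable member found inside ZIP attachments."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    hits: list[str] = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True)
        if not payload or not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            for name in zf.namelist():
                if name.lower().endswith(EXECUTABLE_SUFFIXES):
                    hits.append(f"{part.get_filename()}:{name}")
    return hits


if __name__ == "__main__":
    print(find_executables_in_zip_attachments(build_sample_message()))
```

A gateway rule built on this check complements, rather than replaces, the spam and file detections the post describes: it only looks at the container, not at what the member would do if run.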



