Educause Security Discussion mailing list archives
malware spam: Toll road invoice / Notice to Appear / FedEx Problem
From: Bob Bayn <bob.bayn () USU EDU>
Date: Sun, 12 Apr 2015 15:22:17 +0000
Yesterday, we received over 150 email messages with a zip attachment containing a Trojan downloader in a .doc.js file. We have seen scattered instances before but this is the biggest attack of this sort so far.

The inducement to open the attachment is a variation on one of three stories:

1) You owe an E-ZPass toll road fee
2) You are notified that you must appear in court
3) Your FedEx delivery has an issue

The subject lines often begin with the first name of the recipient (in all CAPS) if that can be determined from the recipient address. The subject also often ends with a random tracking number. The actual sender address is unique for each message and the sending email host indicates that a botnet is probably being used to launch these attacks.

We've recorded the following variations on sender name and subject line:

District Court
State Court
County Court
Notice to Appear
Notice to Appear in Court #00...
Notice of Appearance in Court #00...

E-ZPass Manager
E-ZPass Support
E-ZPass Agent:
Indebtedness for driving on toll road #00...
Indebted for driving on toll road #00...
Pay for driving on toll road, invoice #00...
Payment for driving on toll road, invoice #00...

FedEx 2Day
FedEx 2Day A.M.
FedEx International Economy
FedEx International Ground
FedEx International MailService
FedEx International Next Flight
FedEx SmartPost
FedEx Standard Overnight
Problem with parcel shipping, ID:00...
Delivery Notification, ID 00...
Problems with item delivery, n.00...
We could not deliver your parcel, #00...
Unable to deliver your item, #00...

The common thread is the .doc.js in a zip. See if your email filters can strip the attachment or block the messages.

Good luck!

Bob Bayn
SER 301
(435)797-2396
IT Security Team
Office of Information Technology, Utah State University

Do you know the "Skeptical Hover Technique" and how to tell where a web link really goes? See: https://it.usu.edu/computer-security/computer-security-threats/articleID=23737
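
The check suggested at the end of the message above (find the .doc.js inside a zip), as an added example that is not part of the original post. The function names, the extension lists beyond .doc.js, and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists: the post names only .doc.js; other values are illustrative.
SCRIPT_EXTS = {"js", "jse", "vbs", "wsf"}
DECOY_EXTS = {"doc", "docx", "pdf", "xls", "txt"}

def disguised_script(name):
    """True when a file name ends in <decoy ext>.<script ext>, e.g. x.doc.js."""
    parts = name.lower().rstrip(". ").rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DECOY_EXTS and parts[2] in SCRIPT_EXTS

def suspicious_members(raw_message):
    """Return (attachment name, member name) pairs worth stripping or blocking."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        # Identify zips by content, since the attachment name can be anything.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            continue
        for member in names:
            if disguised_script(member.rsplit("/", 1)[-1]):
                hits.append((part.get_filename(), member))
    return hits

def build_sample(member_name):
    """Constructed test message: a zip holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "// placeholder, not real content")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.edu"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="notice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(suspicious_members(build_sample("Notice_00123.doc.js")))
```

Matching on the member name inside the archive, rather than on sender or subject, keeps the check independent of the rotating sender names and subject lines listed in the message.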