The massive spam campaign that started before the holidays has gotten its second wind and launched yet another flood of spam.
The messages brandjack FedEx and look like notifications from the company. The notices inform the recipient that a package is waiting for them, and since they were unable to complete delivery, they must print the attached receipt and bring it to their local depot. Those that clicked on the attachment were prompted to download a program rather than an image file or PDF of the promised attachment. Most people would realize something’s not right and cancel out but those who proceed wind up with malware infecting their system. The payload varies. Sometimes it’s a worm or Trojan, other times a fake antivirus program. It’s easy to protect yourself from this attack, you just need to use your common sense. FedEx doesn’t send delivery notices via email, for example.
“And delivery tracking information is usually sent by the merchant, not the delivery company,” says the Connecticut Better Business Bureau’s Howard Schwartz. “Every link in an unsolicited email and every attachment has the potential to not only ruin our lives, but steal personal information, harvest email addresses and contact information, turn our computers into spam generators or worse.”
These types of attacks will continue to grow throughout 2013 as spammers turn away from traditional spam and come up with new ways to distribute malware and go spear phishing. The face of spam is changing-huge botnets are out, malicious spam and text message spam are in. Spammers are constantly reinventing themselves and their techniques and it will be quite a task to stay one step ahead of them.