USPS Delivery Failure Notification emails contain new trojan variant


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “USPS Delivery Failure Notification”.

The email is sent from spoofed addresses and has the following body:

Hello!

Unfortunately we failed to deliver the postal package you have sent on the 2nd of December in time because the recipient’s address is erroneous.

Please print out the shipment label attached and collect the package at our office.

United States Postal Service

The attached ZIP file is named USPS report.zip and contains the 45 kB file USPS report.exe.

The trojan is known as Troj/DwnLdr-JNL (Sophos), Gen:Variant.Kazy.47555 (F-Secure), Trojan-Downloader.Win32.Pakes.it (Kaspersky), Gen:Variant.Kazy.47555 (BitDefender).

At the time of writing, only 18 of the 43 AV engines detected the trojan on Virus Total.

Virus Total permalink and MD5: 371f5f724fbd95db62a217c4c2f5d1be.
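A mail-gateway style check for the indicators described above (subject line, a ZIP attachment holding an executable, and the MD5), as an added example that is not part of the original post. The extension list, size cap and function names are assumptions, and the sample message is constructed with harmless placeholder bytes.

```python
import hashlib, io, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators from the post. Assumption: the MD5 may refer to the ZIP or the EXE,
# so both the attachment and each archive member are hashed.
SUBJECT = "USPS Delivery Failure Notification"
KNOWN_MD5 = {"371f5f724fbd95db62a217c4c2f5d1be"}
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")
MAX_MEMBER = 10 * 1024 * 1024  # skip hashing oversized members (zip-bomb guard)

def scan_message(raw: bytes) -> dict:
    """Check one raw message for the campaign's subject, archive and hash."""
    msg = message_from_bytes(raw, policy=policy.default)
    out = {"subject_match": SUBJECT.lower() in str(msg["Subject"] or "").lower(),
           "exec_members": [], "md5_hits": [], "errors": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if hashlib.md5(data).hexdigest() in KNOWN_MD5:
            out["md5_hits"].append(name)
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    # Trailing dots/spaces are ignored by Windows, so strip them.
                    if info.filename.lower().rstrip(". ").endswith(EXEC_EXT):
                        out["exec_members"].append((name, info.filename))
                    if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                        continue  # encrypted or too large to hash safely
                    if hashlib.md5(zf.read(info)).hexdigest() in KNOWN_MD5:
                        out["md5_hits"].append(f"{name}:{info.filename}")
        except (zipfile.BadZipFile, RuntimeError) as exc:
            out["errors"].append(f"{name}: {exc}")
    return out

def build_sample() -> bytes:
    """Constructed message with harmless placeholder bytes, not the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("USPS report.exe", b"placeholder bytes, not an executable")
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = SUBJECT, "a@example.com", "b@example.com"
    msg.set_content("Constructed body for the example.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="USPS report.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

The executable-in-archive check fires regardless of hash, which matters here because fewer than half of the AV engines recognised the file at the time of writing.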

5 thoughts on “USPS Delivery Failure Notification emails contain new trojan variant”

  1. The USPS has nothing to do with spam and is not responsible in any way. Please do your due diligence on researching spam email before making such a ridiculous claim. The virus is an attempt to infect the PCs of unwitting computer users around the world by fooling them into opening the attachment. They are creators and purveyors of computer viruses and could be anyone.
