Fake Canada Post Notification Spreads Malware

 Analysis by: Ardin Maglalang

Canada Post is Canada's primary postal operator and spammers have taken advantage of the organization's popularity. Email notifications purportedly coming from Canada Post were found circulating in the wild. The message informs recipients of a shipped package and provides links where users can download the supposed shipping invoice. However, these links were found to be malicious and leads users to the malicious file, down4.exe

Recipients may think that this message is legitimate and may click on the link provided, in turn downloading the malware. 

Trend Micro users are protected against these spammed messages. The URL component is blocked and categorized as disease vector while the downloaded file is detected as TSPY_ZBOT.QXC. Users are advised to double-check the validity of messages before clicking the URLs or downloading attachments.
 SPAM BLOCKING DATE / TIME: March 23, 2011 GMT-8
 TMASE INFO
  • ENGINE:6.5
  • PATTERN:8030