Softpedia
 


August 6th, 2010, 07:46 GMT · By

YouSendIt Fake Emails Deliver Trojan and Malicious Links

YouSendIt name abused to distribute malware
Security researchers warn about new spam campaigns that abuse the name of the YouSendIt online service to trick users into running malware or visiting infected websites. Some of the rogue emails contain links to websites that carry malicious payloads, while others have a new variant of the Bredolab trojan attached.

The spammers behind the first campaign are sending out fake YouSendIt pending download notification emails, which look exactly like the real ones. However, all URLs in them, such as those for obtaining the allegedly received file, have been replaced with ones pointing to malicious websites.

Clicking on any of the links takes users to a Web page that executes a drive-by-download attack to install a trojan on their computers. Victims are then redirected to a Canadian pharmacy spam website. According to security researchers from MX Lab, a Belgian email security vendor that intercepted the emails, the purpose of this redirect is to distract the user from the actual malware infection.

The second spam campaign leveraging the popularity of the YouSendIt service produces emails that instruct recipients to run a malicious attachment. "[Name] has sent you the following via YouSendIt. File attached to this letter," the rogue messages, which carry YouSendIt's regular signature, read.

"The message has the attachment YouSendIt_reader.zip. Once extracted, the 20 kB large file YouSendIt_reader.exe is available. The trojan is known as Gen:Variant.Bredo.2 (BitDefender, F-Secure, GData), TrojanDownloader:Win32/Waledac.C (Microsoft)," the MX Lab researchers explain. The Bredolab trojan regularly serves as a distribution platform for other malware and, according to a recent report from Sophos, it is the most common email-borne threat.
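
An added example, not from the original article or from MX Lab: a Python check for the two lures described above (links that leave the service's domain, and a zip attachment holding an executable). The brand domain `yousendit.com`, the extension list, the finding labels and the sample message are assumptions constructed for the illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAIN = "yousendit.com"  # assumption: the service's legitimate link domain
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")  # illustrative, not exhaustive

class LinkCollector(HTMLParser):
    hrefs = ()  # replaced per instance by the += below (tuples are immutable)
    def handle_starttag(self, tag, attrs):
        self.hrefs += tuple(v for k, v in attrs if tag == "a" and k == "href" and v)

def scan_message(raw):
    """Return (finding, detail) tuples for one raw message given as bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    branded = "yousendit" in str(msg.get("From", "")).lower()  # presents itself as the service
    findings = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if branded and not name and part.get_content_type() == "text/html":
            parser = LinkCollector()
            parser.feed(part.get_content())
            for url in map(urlsplit, parser.hrefs):
                host = (url.hostname or "").rstrip(".")  # leading "." below blocks lookalike suffixes
                if url.scheme in ("http", "https") and not ("." + host).endswith("." + BRAND_DOMAIN):
                    findings.append(("off-brand-link", host))
        elif name.endswith(".zip"):
            try:
                members = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True) or b"")).namelist()
            except zipfile.BadZipFile:
                findings.append(("unreadable-zip", name))  # cannot inspect: treat as suspect
            else:
                findings += [("executable-in-zip", m) for m in members if m.lower().endswith(RISKY_EXT)]
    return findings

def build_sample():  # constructed input: off-brand link, brand link, zip with a stub .exe
    msg = EmailMessage()
    msg["From"] = "YouSendIt <delivery@mailer.example>"
    msg.set_content('<a href="http://files.example.net/get">Download</a> '
                    '<a href="https://www.yousendit.com/help">Help</a>', subtype="html")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("YouSendIt_reader.exe", b"placeholder, not a real binary")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="YouSendIt_reader.zip")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` reports the off-brand link and the executable inside the archive, while a message whose links all stay on the brand domain returns an empty list.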

Email template abuse seems to be a growing trend among spammers. During the past month we reported on multiple spam campaigns masquerading as official notifications from popular services like Gmail, ImageShack, My Opera, ShopNBC or Twitter. As always, users should be extremely wary of all links and files received via email, even when they appear to originate from trusted parties.

You can follow the editor on Twitter @lconstantin

READER COMMENTS:


Comment #1 by: Anton Toni Agung on 06 Aug 2010, 08:52 UTC

I'm a Windows 7 Ultimate user, I frequently used Windows Update. 1 week ago, Avira AntiVir Personal 10 and Windows Defender detected some files from Windows Update as TrojanDownloader:Win32/Waledac.C.

My friend found TR.Bredolab on Windows Update files.
