A new computer virus masquerading as a Canada Post delivery notice has been traced to Malaysia, a Canada Post spokeswoman said Friday.
And even as Canada Post tried to alert customers on its website, Facebook and Twitter, the virus kept morphing into new variants, said Anick Losier.
The official-looking virus, in both English and French, sends a message to inboxes saying, “We missed you, when trying to deliver! Please view the income and contact us with any questions. We will try to deliver again the following business day.
The message contains a PDF attachment which carries the Trojan virus. When opened, it sends a virus through the users’ systems.
The subject line announces: “IMPORTANT: Canada Post Delivery” and then a number, which IT specialists speculate is just random.
“Any email that says you’ve received a delivery, you should be suspicious about,” said Losier. “They’re using our branding quite accurately.”
Canada Post does send email notices to alert a customer about a shipment if they sign up for the notices, she said.
She also recommended users who receive a message with a tracking number cut and paste it onto the Canada Post website tracking device to see if it is valid.
“Our customers have to be vigilant.”
“Postal-themed” viruses started early last week with a British Royal Mail delivery scam, according to one anti-virus alert site, which described the ploy as coming from the “Bredo malware-spammers.”
The Canada Post version began late last week and by this week had been modified to arrive in both official languages.
“The actual attachments are PDF files, which is quite unusual for spam containing malware,” the anti-virus site reports. “Maybe that’s what the bad guys were relying on. There are still many people out there who mistakenly think of PDF as being a ‘safe’ format.”
The Canadian Cyber Incident Response Centre on April 16 sent a Cyber Flash warning to IT departments after detecting the virus and analyzing it. The CCIRC is a division of Public Safety Canada.
The spammers were highly effective, CCIRC reported:
“Anti-virus detection for the associated malware was poor with only 18 per cent of vendors detecting the sample as malicious.”
The centre alert recommended that IT departments block the IP address 59.44.60.152 on their network perimeters.
Source: thestar.com
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment