Spamvertised compromised URL:<\/strong>\u00a0hxxp:\/\/www.unser-revier-bruchtorf-ost.de\/FWUJKKOGMP.html<\/em><\/p>\n Actual malicious archive URL:<\/strong>\u00a0hxxp:\/\/www.unser-revier-bruchtorf-ost.de\/Shipping_Label_USPS.zip<\/em><\/p>\n Detection rate:<\/strong>\u00a0MD5: 089605f20e02fe86b6719e0949c8f363<\/strong><\/a> – detected by 5 out of 44 antivirus scanners as UDS:DangerousObject.Multi.Generic<\/p>\n Upon execution, the sample phones back to the following URLs:<\/strong> More malware variants are also known to have phoned back to the same IPs:<\/strong> Who’s behind this campaign? It’s the same cybercriminal\/group of cybercriminals that launched the “Cybercriminals impersonate UPS, serve malware<\/strong><\/a>” campaign in August, 2012. Both campaigns are launched using identical tactics, and some of the listed MD5s are identical to the MD5s found in related campaigns impersonating UPS.<\/p>\n Webroot SecureAnywhere<\/strong><\/a>\u00a0users are proactively protected from these threats.<\/p>\n You can find more about Dancho Danchev at his\u00a0LinkedIn Profile<\/strong><\/a>. You can also\u00a0follow him on \u00a0Twitter<\/strong><\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":" Cybercriminals are currently mass mailing millions of emails impersonating The United States Postal Service (USPS), in an attempt to trick its customers into downloading and executing the malicious .zip archive linked in the bogus emails. Upon execution, the malware opens a backdoor on the affected host, allowing the cybercriminals behind the campaign to gain complete […]<\/p>\n","protected":false},"author":65,"featured_media":17052,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3005],"tags":[],"yst_prominent_words":[12469,12489,12487,12471,12481,12465,12477,10897,12475,6183,5811,12467,12463,12473,12479,5705,12491,12483,12485,5709],"acf":[],"_links":{"self":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/8521"}],"collection":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/users\/65"}],"replies":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/comments?post=8521"}],"version-history":[{"count":2,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/8521\/revisions"}],"predecessor-version":[{"id":25501,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/8521\/revisions\/25501"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media\/17052"}],"wp:attachment":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media?parent=8521"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/categories?post=8521"},{"taxonomy":"post_tag","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/tags?post=8521"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/yst_prominent_words?post=8521"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"\"](\"http:\/\/webrootblog.files.wordpress.com\/2012\/11\/usps_email_spam_malware.jpg\" "\\"USPS_Email_Spam_Malware\\"")
<\/a><\/p>\n
\nhxxp:\/\/64.151.87.152<\/strong>:41765\/00cd1a40FA511365883ACEB58B055EA44882D5E2D24B9BB24D7949BCECDEA40E850DB1FCC7397577B70452EC74D82B225022BB99287FFFA45E0F98E18AA3A71007E1FDA570<\/em>
\nhxxp:\/\/66.7.209.185<\/strong>:41765\/00cd1a40FA511365883ACEB58B055EA44882D5E2D24B9BB24D7949BCECDEA40E850DB1FCC7397577B70452EC74D82B225022BB99287FFFA45E0F98E18AA3A71007E1FDA570<\/em>
\nhxxp:\/\/173.224.211.194<\/strong>:43456\/00cd1a40FA511365883ACEB58B055EA44882D5E2D24B9BB24D7949BCECDEA40E850DB1FCC7397577B70452EC74D82B225022BB99287FFFA45E0F98E18AA3A71007E1FDA570<\/em>
\nhxxp:\/\/46.105.121.86:43456<\/strong>\/00cd1a40FA511365883ACEB58B055EA44882D5E2D24B9BB24D7949BCECDEA40E850DB1FCC7397577B70452EC74D82B225022BB99287FFFA45E0F98E18AA3A71007E1FDA570<\/em>
\nhxxp:\/\/222.255.237.132<\/strong>:41765\/00cd1a40FA511365883ACEB58B055EA44882D5E2D24B9BB24D7949BCECDEA40E850DB1FCC7397577B70452EC74D82B225022BB99287FFFA45E0F98E18AA3A71007E1FDA570<\/em>
\nhxxp:\/\/64.151.87.152<\/strong>:43456\/00cd1a40FA511365883ACEB58B055EA44882D5E2D24B9BB24D7949BCECDEA40E850DB1FCC7397577B70452EC74D82B225022BB99287FFFA45E0F98E18AA3A71007E1FDA570<\/em>
\nhxxp:\/\/79.170.89.209<\/strong>:41765\/00cd1a40FA511365883ACEB58B055EA44882D5E2D24B9BB24D7949BCECDEA40E850DB1FCC7397577B70452EC74D82B225022BB99287FFFA45E0F98E18AA3A71007E1FDA570<\/em>
\nhxxp:\/\/79.170.89.209<\/strong>:43456\/00cd1a40FA511365883ACEB58B055EA44882D5E2D24B9BB24D7949BCECDEA40E850DB1FCC7397577B70452EC74D82B225022BB99287FFFA45E0F98E18AA3A71007E1FDA570<\/em>
\nhxxp:\/\/217.160.236.108<\/strong>:41765\/00cd1a40FA511365883ACEB58B055EA44882D5E2D24B9BB24D7949BCECDEA40E850DB1FCC7397577B70452EC74D82B225022BB99287FFFA45E0F98E18AA3A71007E1FDA570<\/em>
\nhxxp:\/\/217.160.236.108<\/strong>:43456\/00cd1a40FA511365883ACEB58B055EA44882D5E2D24B9BB24D7949BCECDEA40E850DB1FCC7397577B70452EC74D82B225022BB99287FFFA45E0F98E18AA3A71007E1FDA570<\/em>
\nhxxp:\/\/88.84.137.174<\/strong>:43456\/00cd1a40FA511365883ACEB58B055EA44882D5E2D24B9BB24D7949BCECDEA40E850DB1FCC7397577B70452EC74D82B225022BB99287FFFA45E0F98E18AA3A71007E1FDA570<\/em>
\nhxxp:\/\/46.105.112.99<\/strong>:43456\/00cd1a40FA511365883ACEB58B055EA44882D5E2D24B9BB24D7949BCECDEA40E850DB1FCC7397577B70452EC74D82B225022BB99287FFFA45E0F98E18AA3A71007E1FDA570<\/em>
\nhxxp:\/\/50.22.136.150<\/strong>:8080\/00cd1a40FA511365883ACEB58B055EA44882D5E2D24B9BB24D7949BCECDEA40E850DB1FCC7397577B70452EC74D82B225022BB99287FFFA45E0F98E18AA3A71007E1FDA570<\/em>
\nhxxp:\/\/130.88.105.45<\/strong>:41765\/00cd1a40FA511365883ACEB58B055EA44882D5E2D24B9BB24D7949BCECDEA40E850DB1FCC7397577B70452EC74D82B225022BB99287FFFA45E0F98E18AA3A71007E1FDA570<\/em>
\nhxxp:\/\/91.205.63.194<\/strong>:41765\/00cd1a40FA511365883ACEB58B055EA44882D5E2D24B9BB24D7949BCECDEA40E850DB1FCC7397577B70452EC74D82B225022BB99287FFFA45E0F98E18AA3A71007E1FDA570<\/em>
\nhxxp:\/\/95.173.180.42<\/strong>:43456\/00cd1a40FA511365883ACEB58B055EA44882D5E2D24B9BB24D7949BCECDEA40E850DB1FCC7397577B70452EC74D82B225022BB99287FFFA45E0F98E18AA3A71007E1FDA570<\/em>
\nhxxp:\/\/95.173.180.42<\/strong>:43456\/00cd1a40FA511365883ACEB58B055EA44882D5E2D24B9BB24D7949BCECDEA40E850DB1FCC7397577B70452EC74D82B225022BB99287FFFA45E0F98E18AA3A71007E1FDA570<\/em>
\nhxxp:\/\/217.160.236.108<\/strong>:84\/00cd1a40FA511365883ACEB58B055EA44882D5E2D24B9BB24D7949BCECDEA40E850DB1FCC7397577B70452EC74D82B225022BB99287FFFA45E0F98E18AA3A71007E1FDA570<\/em><\/p>\n
\nMD5: 54b574029cef8da99737fe8705597ac6<\/strong><\/a> – detected by 23 out of 44 antivirus scanners as TrojanDownloader:Win32\/Kuluoz.B
\nMD5: 4f0bf97d890967d44ca6aec07f6bc752<\/strong><\/a>\u00a0– detected by 31 out of 43 antivirus scanners as Trojan.Win32.Agent.uloi
\nMD5: 96255178f15033362c81fb6d9b9c3ce4<\/a>\u00a0<\/strong>– detected by 9 out of 44 antivirus scanners as Trojan-Dropper.Win32.Dapato.bupr
\nMD5: 54b574029cef8da99737fe8705597ac6<\/strong><\/a> – detected by 23 out of 44 antivirus scanners as UDS:DangerousObject.Multi.Generic
\nMD5: 0282bc929bae27ef95733cfa390b10e0<\/strong><\/a>\u00a0– detected by 7 out of 44 antivirus scanners as TrojanDownloader:Win32\/Kuluoz.B
\nMD5: ea8adf1d9c6a76b39c9a3e1a5e8826f0<\/strong><\/a>\u00a0– detected by 27 out of 42 antivirus scanners as Trojan.Win32.Yakes.bhhg
\nMD5: b4cd6c46d789c322876b6bb74ec62357<\/strong><\/a>\u00a0– detected by 32 out of 40 antivirus scanners as Trojan-Downloader.Win32.Kuluoz.aad
\nMD5: 57d9b0652f253933df251624b3965c52<\/strong><\/a>\u00a0– detected by 33 out of 44 antivirus scanners as Trojan.Generic.KDV.762605
\nMD5: b99d77ea6c96f27da3d84e65149c3e28<\/strong><\/a> – detected by 26 out of 41 antivirus scanners as Trojan.Win32.Yakes.bise
\nMD5: e40342f10b6aff36002996f3a3e88add<\/strong><\/a>\u00a0– detected by 30 out of 44 antivirus scanners as TrojanDownloader:Win32\/Kuluoz.B
\nMD5: 36d30a8eea96881057ae795467fe561a<\/strong><\/a>\u00a0– detected by 34 out of 44 antivirus scanners as Trojan.Win32.Yakes.bigs
\nMD5: b99d77ea6c96f27da3d84e65149c3e28<\/strong><\/a>\u00a0– detected by 26 out of 41 antivirus scanners as Trojan.Win32.Yakes.bise
\nMD5: 7e5a4754b1b7c285e812e37be1765c35<\/strong><\/a>\u00a0– detected by 29 out of 42 antivirus scanners as Trojan-Downloader.Win32.Kuluoz.aal
\nMD5: 7cec1a12f0f3d6e6b41976cb955c209e<\/strong><\/a>\u00a0– detected by 34 out of 44 antivirus scanners as Trojan.Win32.Yakes.bhjy
\nMD5: 7afc73de809387bc6d66434cbbb6bed3<\/strong><\/a>\u00a0– detected by 24 out of 35 antivirus scanners as TrojanDownloader:Win32\/Kuluoz.B
\nMD5: ea8adf1d9c6a76b39c9a3e1a5e8826f0<\/strong><\/a>\u00a0– detected by 27 out of 42 antivirus scanners as Trojan.Win32.Yakes.bhhg
\nMD5: dbacc50ee3e42b24b45b9d8a7a7aaa4b<\/strong><\/a>\u00a0– detected by 34 out of 44 antivirus scanners as Trojan.Win32.Yakes.bhij
\nMD5: 6d121b530bbf8ab026e7052a42ed644a<\/strong><\/a>\u00a0– detected by 30 out of 42 antivirus scanners as Trojan.Win32.Yakes.bgvk
\nMD5: 54b574029cef8da99737fe8705597ac6<\/strong><\/a>\u00a0– detected by 23 out of 44 antivirus scanners as TrojanDownloader:Win32\/Kuluoz.B
\nMD5: 36d30a8eea96881057ae795467fe561a<\/strong><\/a>\u00a0– detected by 34 out of 44 antivirus scanners as PWS-Zbot.gen.aow
\nMD5: e40342f10b6aff36002996f3a3e88add<\/strong><\/a>\u00a0– detected by 30 out of 44 antivirus scanners as Trojan-Downloader.Win32.Kuluoz.aao
\nMD5: 2e9755cfce544627fbfd3be07af5d7d9<\/strong><\/a>\u00a0– detected by 33 out of 43 antivirus scanners as Trojan-Downloader.Win32.Kuluoz.aam
\nMD5: e40342f10b6aff36002996f3a3e88add<\/strong><\/a>\u00a0– detected by 30 out of 44 antivirus scanners as Trojan.Generic.KDV.768818
\nMD5: cddd3267db116d9b8bb0954c40d45f2d<\/strong><\/a>\u00a0– detected by 27 out of 44 antivirus scanners as Trojan.Generic.KDV.770707<\/p>\n