By Dancho Danchev
Cybercriminals are currently spamvertising malicious USPS-themed emails that entice end and corporate users into clicking on malicious links found in the emails.
Sample subjects: USPS postage labels order confirmation; Your USPS postage labels charge
Sample message: Acct #: 0873977 Dear client : This is an email confirmation for your order of 5 online shipping label(s) with postage. Your credit card will be charged the following amount: Transaction ID: #4252724 Print Date/Time: 03/11/2012 02:30 AM CST Postage Amount: $48.25 Credit Card Number: XXXX XXXX XXXX XXXX Priority Mail Regional Rate Box B # 9299 1836 2636 8858 7679 (Sequence Number 1 of 1) For further information, please log on to http://www.usps.com/clicknship and go to your Shipping History or visit our Frequently Asked Questions. You can refund your unused postage labels up to 10 days after the print date by logging on to your Click-N-Ship Account. Thank you for choosing the United States Postal Service Click-N-Ship: The Online Shipping Solution Click-N-Ship has just made on line shipping with the USPS even better. New Enhanced International Label and Customs Form: Updated Look and Easy to Use! * * * * * * * * This is a post-only message
Sample malicious URL spamvertised in the campaign: hxxp://blazewear.assetict.com/sgENCGn0/index.html
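A mail-filter check built from the indicators above, as an added example that is not part of the original post: it flags messages carrying one of the sample subjects whose links resolve to hosts outside usps.com. The function names, the `SAMPLE` headers and its second body line are constructed for illustration; the subject and the defanged URL come from the post.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Subject lines quoted in the post, lower-cased for matching.
LURE_SUBJECTS = (
    "usps postage labels order confirmation",
    "your usps postage labels charge",
)
LEGIT_DOMAIN = "usps.com"
# Matches live links and defanged (hxxp) ones as written in reports.
URL_RE = re.compile(r"\bh(?:tt|xx)ps?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample: headers and second body line are invented for the test.
SAMPLE = (
    "From: sender@example.invalid\n"
    "Subject: USPS postage labels order confirmation\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "For further information, please log on to http://www.usps.com/clicknship\n"
    "View order: hxxp://blazewear.assetict.com/sgENCGn0/index.html\n"
)


def is_usps_host(host):
    """True only for usps.com itself or a real subdomain of it."""
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)


def off_brand_hosts(raw_message):
    """Hosts linked from a USPS-themed mail that are not under usps.com."""
    msg = message_from_string(raw_message)
    subject = (msg.get("Subject") or "").lower()
    if not any(lure in subject for lure in LURE_SUBJECTS):
        return []
    hosts = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = (part.get_payload(decode=True) or b"").decode(
            part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(body):
            refanged = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
            host = (urlsplit(refanged).hostname or "").rstrip(".").lower()
            if host and not is_usps_host(host) and host not in hosts:
                hosts.append(host)
    return hosts


if __name__ == "__main__":
    print(off_brand_hosts(SAMPLE))
```

The suffix test compares against `.usps.com` with the leading dot, so look-alike hosts that merely contain the brand string are still reported.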
The structure of the client-side exploit-serving process is as follows.
The compromised legitimate web site participating in the campaign has a very low detection rate.
Webroot’s security researchers will continue monitoring the spamvertised campaign to ensure that Webroot SecureAnywhere customers are protected from this threat.