back to article Zeus spyware pretends to be Royal Mail PDF

Zeus spyware Trojan variants have begun using PDF files to package exploits. Thousands of spammed messages containing exploit-ridden attachments posing as delivery notices from the Royal Mail have been intercepted by net security firm Websense this week. The PDF attachment contains an embedded executable containing the Zeus …


This topic is closed for new posts.
  1. Ed Blackshaw Silver badge

    I've had a load of these over the last couple of months

    .zip files containing skypixie-knows-what purporting to be from UPS. They get the usual spam treatment.

  2. A J Stiles

    Easy fix

    There's an obvious and easy (for some value of easy) fix that would kill the propagation of malware stone dead. That is, make sure no two computers have the same instruction set or addressing schema. Then a binary executable would only ever run on the specific machine for which it was compiled. If it's you who does the compiling, nobody else need ever know how to compile a program for your box. You get to be the final arbiter of what runs on it and what doesn't.

    Self-propagating code would have to be written in interpreted languages, and thus could easily be recognised and dealt with.

    If you can dynamically change the instruction set and addressing schema, all machines in a corporate setting --and therefore, it is to be hoped, safely behind a firewall -- could be homogenised to allow compile-once, run-anywhere.

  3. Neal 5

    Just to be pedantic

    I think you ,ay find the correct term for Chinese "hackers" is actually Honkers, at least that is how the Chinese refer to them, so ergo the control servers must be run by Honkers and not Hackers if they are Chinese controlled. This may be a trivial matter, but such inaccuracies do tend to lead to confusion. This may be why the Chinese are in continual denial of such activities.

    So, please, El Reg, remember, if you don't wish to become another Google, I would find your stories to be quite unreadable in any other language than English.

    1. Quxy

      Red Guests are better than Black?

      Well, not quite... Honker (红客 = "red guest") is is a particular Chinese group known for hacktivism. The Chinese media uses the usual transliteration of hacker (黑客 = "black guest") unless they're talking specifically about the Honker Union. These control servers are probably not controlled by the Honker, whose activities usually have a more overt political component.

      1. OldDogNewWalk

        @ Quxy. Whoah!

        _IF_ you know what you are talking about (and I certainly can't offer evidence against you) then you truly deserve the use of the genius/nerd icon. I'll drink a pint in your honour. In fact I'll drink a few, too many.

  4. Paul Crawford Silver badge
    Thumb Down

    Not helped by...

    ...the brain dead developers of the parcel force /mail web site that only works officially on windows and demands the pdf browser plug-in. Easier to take stuff to the local (or not so local these days) post office branch.

  5. adam payne

    Royal Mail+email=fake!

    We've been getting loads of these being blocked by our mail filter.

    IMPORTANT: Royal Mail Delivery Invoice #1092817

    A modernised Royal Mail using email...steady on. Must be a fake!

  6. Anonymous Coward
    Anonymous Coward

    In defence of the clicking-blindly crowd

    I had occasion to play^Wfight with a micros~1 product again lately and one of the things that (again) struck me is the lengths the mob in redmond will go to wasting my time with popups and messages and whatnot that seem carefully engineered to not say anything useful at all.

    If you work with that crap all day and you _aren't_ a member of the IT crowd so you _don't_ know what particular subsystem is having a fit and therefore you _don't_ have already mentally listed the possible causes of the software throwing a fit so you _can't_ ``fix it'' by doing probably the right thing without reading the message as the IT crowd usually does (don't you lot deny it), then I can't blame you for picking a button at random instead. Has about the same expected result and wastes much less time.

    I'm all for user education, in fact I believe it is the way forward, but going forward will never succeed if the software is deliberately obtuse.

    Want examples? Even just the services ``manager'': For every service it warns you that turning it off may possibly adversely affect unspecified other things. Note that it says the same thing for services that are critical and those that you don't need both. Hey, it's a computer, it can bloody well figure out and tell me what other things WILL BE affected when $service is lacking. If it doesn't, it's doing me a disservice. Count the disservices it's doing you. I dare you.

    Same with most error messages like the one in cmd.exe meaning ``command not found'' but it needs two full lines to convey those three words, or the half-page of yabber stuck in a popup greeting you upon entering ``safe mode'', or any popup or double-popup urging you to reconsider clicking on ``execute that just downloaded thing'' or ``execute attachment'' without providing info to improve the ``informed'' part of ``informed decision''.

    That sort of thing is why you don't trust users using windows so if you're a responsible admin you simply forbid users executing software you didn't provide and you strip all attachments at the edge. But note that it's the software that is failing the user by yabbering incoherently at him where it clearly could say something useful instead.

    As long as redmond keeps on stacking meaningless question upon meaningless question the quality of the experience isn't going to improve, and therefore the quality of their users' choices are not going to improve either. Recall the vista preview needing SEVEN clicks to say ``shut up and do it''? How's that for trying to force people to consider? Note that micros~1 was publicly incapable of figuring out the futility of that excercise on its own. Epic Phail Writ Large.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022