Holiday Email Security Alert

Your friends and family aren't the only ones trying to give you a present this year. The internet bad guys have a trojan they'd like give you also, wrapped up nicely in the form of an email appearing to be from a well known corporation.

Windows workstation public enemy #1 – The Kuluoz Trojan

Preying on the ramp up in consumer spending related activities during this time of the year, the distributors of the Kuluoz trojan aim to trick you into installing a file disguised in an email that appears to be from a legitimate corporate business.

Here is an example

Known companies spoofed:

Costco

Fedex

USPS

Walmart

Delta

DHL

American Airlines

Paypal

and even the IRS

 

Don't brush it off it it's not one of the above entities, the company/organization spoofed is arbitrary. It could be anything.

 

From the variants seen at Jlab they also usually contain the city and/or zipcode.

 

Newport News

23606

 

The file name is generated dynamically to include the city/zip from the location in which your machine requests the file. This is done using IP geolocation on the fly at the time of request.

 

The end result is an email that contains a link to a .zip containing a .exe, with a name similar to:

 

Costco_OrderID-818566-Newport_News.zip

Costco_OrderID-818566-Newport_News.exe

FedexForm_23606.zip

FedexForm_23606.exe

 

As always, the general rule of safe computer usage applies.

 

DO NOT DOWNLOAD RANDOM THINGS FROM THE INTERNET AND INSTALL THEM

 

Please contact the Computer Center Helpdesk at x7155 with any questions or concerns.