Increase in malicious spam

Rodel Mendrez from M86 Security labs has made an excellent post on a Massive Rise in Malicious Spam:
http://labs.m86security.com/2011/08/massive-rise-in-malicious-spam/


As he notes in his conclusion, "It seems spammers have returned from a holiday break and are enthusiastically back to work."


So I decided to check out if I had received some spam as well. Jackpot ;-) !

UPS notification

Re: End of July Statement Required




Your credit card has been blocked





ACH Transfer Review

Most of the files are displaying a Word or PDF icon to trick
the user in opening the file:

Some examples of attachments, with their respective
VirusTotal results:

Invoice_08.17.2011_Collcod.exe
MD5: cf0397bb622e4ed9dfdeb07fcbfa9687
VirusTotal Report

MasterCard_invoce_ID73284783275943.doc.exe
MD5: 0b7eba77dd4bcea3c670c4a664e98778
VirusTotal Report

UPS_Document.exe
MD5: 17f9148b130a94ab1f50030ebbf2415a
VirusTotal Report

form-62091.exe
MD5: e18d8cb2a4264a3c559d7967b3c6ab99
VirusTotal Report

When opening either of these files, you can end up with a rogue.
One example rogueware I got was "System Repair":

System Repair rogueware

The dropped file that is launching the rogueware:

pusk3.exe
MD5: 27077c2058983bb76bd09cdad69f7bde
Result: 36/44 (81.8%)
VirusTotal Report
ThreatExpert Report
Anubis Report

Conclusion

Conclusion is pretty simple: Do not open any attachments from unknown senders.
If you happen to be infected with System Repair, you can for example use the guide on Bleepingcomputer:
http://www.bleepingcomputer.com/virus-removal/remove-system-repair