This fake USPS spam leads to malware on computerpills.net:
Date: Fri, 4 May 2012 08:50:52 -0500
From: “Cathryn Small” [[email protected]]
Subject: Your USPS shipment postage labels receipt.Acct #: 0443907
Dear client:
This is an email confirmation for your order of 3 online shipping label(s) with postage. Your credit card will be charged the following amount:
Transaction ID: #1537194
Print Date/Time: 03/15/2012 02:30 PM CST
Postage Amount: $43.70
Credit Card Number: XXXX XXXX XXXX XXXXPriority Mail Regional Rate Box B # 5153 9371 4727 8289 2238 (Sequence Number 1 of 1)
If you need further information, please log on to www.usps.com/clicknship and go to your Shipping History or visit our Frequently Asked Questions .
You can refund your unused postage labels up to 14 days after the issue date by logging on to your Click-N-Ship Account.
Thank you for choosing the United States Postal Service
Click-N-Ship: The Online Shipping Solution
Click-N-Ship has just made on line shipping with the USPS even better.
New Enhanced International Label and Customs Form: Updated Look and Easy to Use!
* * * * * * * *
This is a post-only message
The malicious payload is an exploit kit at computerpills.net/main.php?page=beb0bb4c8ebd96e5 hosted on 37.59.68.23 (OVH, UK) which is the same server used in this attack, the payload looks to be the same as the one used in this other attack, with a very low detection rate at VirusTotal of just 3/42.
Leave a reply
