Got a letter from USPS? It may be PDF malware

Even though some malware attacks are old and kind of boring, people still fall for them. One example is PDF malware, which is expected to be especially visible on Black Friday.

PDF malware gets into the system together with a fake document sent by a “legitimate” company, such as a bank or a post office. Most users don’t even think that scammers can attack them through such letters, so they immediately open the attached Adobe .PDF or other file presented as a receipt, ticket or other important document. In addition, such scam letters never fail to instruct their victims to open and save the file on the PC, so that the file can connect to a server and download additional malware. A clear example of such an attack is a letter sent in the name of USPS (United States Postal Service). The message, which contains some grammar mistakes, reads:

Subject: Package is was not able to be delivered please print out the attached label


Unfortunately we failed to deliver the postal package you have sent on the 19th of September in time because the recipient’s address is erroneous.

Please print out the shipment label attached and collect the package at our office.

United States Postal Service

Once downloaded and executed on a system, the attached file “USPS report” connects to an IP address and downloads the executable file of the malware called FakeSysDef. In addition, FakeSysDef is expected to download other components onto the compromised PC, update its own copy and even follow the commands of its controller.

It’s highly recommended to avoid opening such emails until you are sure that you have made transactions with the sender. If you have any doubt, contact the company to make sure that the letter was sent by them. It’s also very important to have up-to-date anti-virus and anti-spyware programs installed to keep such malware out. If you think you may have this threat on your machine, run a full system scan. If it’s there, the scan will report Trojan.Win32.Generic!BT.
