Posted

I've received several suspicious e-mails in the last couple of days, so I decided to check the contents of the attached .zip file and, unsurprisingly, there was an .exe file in it.

What is not good is the fact that neither Microsoft Security Essentials antivirus nor Eset Nod32 was able to detect it when I scanned the file. At least Microsoft Outlook mail scanner marked this mail as spam. So I wasn't entirely unprotected :)

The bogus message subject is something like this:

Subject: UPS Tracking Number 8279775.

Sender: UPS Manager Ramona Mock parcel@ups.com

Here's the subject of the mail:

Dear customer!

The courier company was not able to deliver your parcel by your address.
Cause: Error in shipping address.

You may pickup the parcel at our post office personaly!

Please attention!
The shipping label is attached to this e-mail.
Please print this label to get this package at our post office.

Please do not reply to this e-mail, it is an unmonitored mailbox.

Thank you.
United Parcel Service.

The attachment actually contains a virus which may infect the user's computer.

When I googled for more information on this virus, I found out that a similar virus was released almost 2 years ago, so apparently this is a new variant of it, as AV scanners were unsuccessful in detecting the threat. So far I've tried to detect the threat using 'only' Microsoft Security Essentials and Nod32 antivirus.

Here is the warning about the UPS virus which was released about 18 months ago.

The newest virus circulating is the UPS/Fed Ex Delivery Failure. You will receive an email from UPS/Fed Ex Service along with a packet number. It will say that they were unable to deliver a package sent to you on such-and-such a date. It then asks you to print out the invoice copy attached. DON'T TRY TO PRINT THIS. IT LAUNCHES THE VIRUS! Pass this warning on to all your PC operators at work and home. This virus has caused Millions of dollars in damage in the past few days.

I can't be sure of what damage it can cause to your computer, but I guess it is a variant of the UPS trojan virus, and I can only advise you, upon receiving similar mail, to delete it immediately.

Update: I have submitted the suspicious file to the Microsoft Malware Protection Center (MMPC). I will update this article as soon as I get more info on this.

Posted

Upon my submission, Microsoft confirmed that this is a new variant of Trojan, but you'll have to update virus definitions manually if you are using Microsoft Security Essentials.

Check the frontpage article for more information.
