In the Wild: UPS Packet Service malware SPAM - ups_invoice.zip

It's in the wild - SPAM with the infected file ups_invoice.zip, and my inbox has 4 of them today.


63% of malware scanners will detect the infected file if a user mistakenly downloads or retrieves this unwanted email, or saves or touches that file.


Scan result:  http://www.virustotal.com/analisis/07d607ef1cfcd0b67fe27595a71a9452

NOTE: If you google "UPS Packet" or "UPS Paket", you will see the same message posted in newsgroups and forums :(

....really in the wild so be careful guys.

Published Mon, Jul 14 2008 17:26 by donna

Comments

Monday, July 14, 2008 5:45 PM by AdamV

# re: In the Wild: UPS Packet Service malware SPAM - ups_invoice.zip

Aha! Someone else finally wrote about this!

All afternoon I was waiting to get a bit more information, and eventually your post made it onto the search engine pages.

I've had three of these so far, one with a subject line and attachment name in German, two in English (one of which had a mis-spelled file name). All had the body text in English.

I've posted about my findings here:

veroblog.wordpress.com/.../ups_invoiceexe-trojan-received-by-email

Tomorrow I hope to get time to open this in a sand pit and see what it actually tries to do, and how well (if at all) Vista's UAC will spot its behaviour and prevent it by requiring admin credentials before anything too nasty can take place.

Thursday, July 24, 2008 9:59 AM by Derek Knight

# re: In the Wild: UPS Packet Service malware SPAM - ups_invoice.zip

new one released

text or email is

Good day,

We have received a parcel for you, sent from France on July 9. Please fill out the customs declaration attached to this message and send it to us by mail or fax. The address and the fax number are at the bottom of the declaration form.

Kind regards,

Geraldine Kuhn

Your Customs Service

file attached to email is

Tax_Invoice.zip

This one is badly detected so far but will get better as the day goes on.

I have had 8 in last 2 hours

Thursday, July 24, 2008 11:30 AM by AdamV

# re: In the Wild: UPS Packet Service malware SPAM - ups_invoice.zip

There seems to be a variation in the subject, body and name of the attachment with the email, now claiming to be from the customs service:

veroblog.wordpress.com/.../ups_invoice-email-trojan-variant-claims-to-be-from-customs-service