MSMVPS.COM

The Ultimate Destination for Blogs by Current and Former Microsoft Most Valuable Professionals.

Welcome to MSMVPS.COM Sign in | Help

Home

Blogs

Media

Groups

Harry Waldron - Microsoft MVP Blog

Security News and Best Practices for corporate and home users

United Parcel Service - Fake email for package non-delivery

Email McAfee and other AV vendors are highlighting this latest social engineering attack. A well disquised email message appears to come from UPS. It claims that a package cannot be delivered unless the fake waybill attachment is selected.

Users selecting these attachments will be infected with malicious code from a downloader that originates from a Russian website

United Parcel Service - Fake email for package non-delivery
http://vil.mcafeesecurity.com/vil/content/v_132901.htm
http://wcco.com/techcenter/ups.email.virus.2.771489.html
http://urbanlegends.about.com/b/2008/07/15/ups-virus-warning.htm
http://www.startribune.com/local/25464324.html
http://www.ups.com/content/us/en/about/news/service_updates/virus_us.html

QUOTE: United Parcel Service is warning of a computer virus circulating under the guise of an e-mail from UPS. According to a release from UPS, the virus is attached to an e-mail that warns readers they have a shipment that couldn't be delivered unless they click on the attachment. The e-mail claims the attachment contains a waybill that will allow the undelivered package to be picked up.

COPY OF EMAIL MESSAGE: (spoofed to appear from UPS)

"Unfortunately we were not able to deliver postal package you sent on July the 1st in time because the recipient’s address is not correct. Please print out the invoice copy attached and collect the package at our office.

Your UPS"

The attached file is an executable which downloads files from the following server:

hxxp: //fixaserver (dot) ru / ldr / [Removed]

Only published comments... Jul 16 2008, 03:59 PM by harry

Comments

Kevin Ball said:

They seem to have updated the content of the e-mail, I received this today

Good day,

We have received a parcel for you, sent from France on July 9. Please fill out the customs declaration attached to this message and send it to us by mail or fax. The address and the fax number are at the bottom of the declaration form.

Kind regards,

Errol Hastings

Your Customs Service

July 25, 2008 5:27 AM

louise college said:

i have recieved this email today, i opened thew email but not the attachment, since then my computer has not worked properly, none of my number buttons work, i cannot do a system restore or open files, i have done three virus checks with 3 different companies but cannot find a virus, my computer was fine until this email came, i am not running a fourth checker that is scanning files that i shouldnt have on my system, it includes thousands of full file games which i dont even have on my system, i really think there is no hope and i may lose everything on my system, i warn anyone if you see a email from ups dont even open it, DELETE IT!!!

August 5, 2008 12:41 PM

Name: (required)
Website: (optional)
Comments (required)
Remember Me?
Submit

This Blog

Syndication

Personal Links

Copyright © is the original authors. Blog site is an independent site not sponsored by Microsoft. The Yoda blog server and the Brianna SQL server would like to thank www.ownwebnow.com and www.exchangedefender.com. They wouldn't be here and broadcasting without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems