My OperaUnited Parcel Service - Fake email for package non-delivery
Wednesday, July 16, 2008 3:06:41 PM
McAfee and other AV vendors are highlighting this latest social engineering attack. A well disquised email message appears to come from UPS. It claims that a package cannot be delivered unless the fake waybill attachment is selected.
Users selecting these attachments will be infected with malicious code from a downloader that originates from a Russian website
United Parcel Service - Fake email for package non-delivery
http://vil.mcafeesecurity.com/vil/content/v_132901.htm
http://wcco.com/techcenter/ups.email.virus.2.771489.html
http://urbanlegends.about.com/b/2008/07/15/ups-virus-warning.htm
http://www.startribune.com/local/25464324.html
http://www.ups.com/content/us/en/about/news/service_updates/virus_us.html
QUOTE: United Parcel Service is warning of a computer virus circulating under the guise of an e-mail from UPS. According to a release from UPS, the virus is attached to an e-mail that warns readers they have a shipment that couldn't be delivered unless they click on the attachment. The e-mail claims the attachment contains a waybill that will allow the undelivered package to be picked up.
COPY OF EMAIL MESSAGE: (spoofed to appear from UPS)
"Unfortunately we were not able to deliver postal package you sent on July the 1st in time because the recipient’s address is not correct. Please print out the invoice copy attached and collect the package at our office.
Your UPS"
The attached file is an executable which downloads files from the following server:
hxxp: //fixaserver (dot) ru / ldr / [Removed]
Users selecting these attachments will be infected with malicious code from a downloader that originates from a Russian website
United Parcel Service - Fake email for package non-delivery
http://vil.mcafeesecurity.com/vil/content/v_132901.htm
http://wcco.com/techcenter/ups.email.virus.2.771489.html
http://urbanlegends.about.com/b/2008/07/15/ups-virus-warning.htm
http://www.startribune.com/local/25464324.html
http://www.ups.com/content/us/en/about/news/service_updates/virus_us.html
QUOTE: United Parcel Service is warning of a computer virus circulating under the guise of an e-mail from UPS. According to a release from UPS, the virus is attached to an e-mail that warns readers they have a shipment that couldn't be delivered unless they click on the attachment. The e-mail claims the attachment contains a waybill that will allow the undelivered package to be picked up.
COPY OF EMAIL MESSAGE: (spoofed to appear from UPS)
"Unfortunately we were not able to deliver postal package you sent on July the 1st in time because the recipient’s address is not correct. Please print out the invoice copy attached and collect the package at our office.
Your UPS"
The attached file is an executable which downloads files from the following server:
hxxp: //fixaserver (dot) ru / ldr / [Removed]
