

United Parcel Scam Email


14 replies to this topic

#1 OFFLINE   Humpty

    Super Hero

  • Members
  • 2,125 posts

Posted 22 July 2008 - 09:51 AM

Just got an email from a "United Parcel Service"

Quote

Unfortunately we were not able to deliver postal package you sent on July the 1st in time
because the recipient's address is not correct.
Please print out the invoice copy attached and collect the package at our office

Your UPS

The attached Word document is actually an exe in disguise and will unload malware if executed.
Virus Total
[attachment=2489:Malware.JPG]

#2 OFFLINE   hazelnut

    try to stay calm

  • Moderators
  • 9,462 posts
  • Gender:Female
  • Location:Huddersfield uk

Posted 22 July 2008 - 10:23 AM

Looks like it's the same one as here Humpty.

http://forum.pirifor...showtopic=16761

Unfortunately someone will believe it and open the document.
CCLEANER, RECUVA, DEFRAGGLER AND SPECCY DOCUMENTATION CAN BE FOUND HERE

http://www.piriform.com/docs

#3 OFFLINE   Humpty

    Super Hero

  • Members
  • 2,125 posts

Posted 22 July 2008 - 10:25 AM

Sorry Hazel, missed your posting. Maybe you could merge the two.

I tried to send the zipped malware package to Oleg, the developer of AVZ anti rootkit tool, for addition to its database but had a run-in with my ISP email service provider.

Below is a transcript of our little run in.
My isp:

Quote

The following viruses were detected in the message (MID 132528672):
'Troj/Agent-HFZ', 'Troj/Invo-Zip'

Actions taken:
Message archived
Message dropped

My reply:

Quote

I know it's malware that I was sending to an anti malware developer for
analysis.

Funny thing is I got the malware as an email attachment through my Iprimus account!
LOL.

Come to think about it, why can it come through to me no probs but I can't
send it for expert analysis both going via my isp's email service????
:lol:

#4 OFFLINE   hazelnut

    try to stay calm

  • Moderators
  • 9,462 posts
  • Gender:Female
  • Location:Huddersfield uk

Posted 22 July 2008 - 01:18 PM

Excellent reply to your ISP Humpty, bet they didn't know what to say!!

#5 OFFLINE   Andavari

    Captain Spectacular

  • Moderators
  • 13,330 posts
  • Gender:Male
  • Location:Shadow Moses

Posted 22 July 2008 - 06:45 PM

That's why people should configure their systems to display the file extensions. It's far too easy to put any icon into a program.
Complexity of incoherent design.
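
Added example, not part of the original thread: a Python check that lists a zip attachment's members without extracting them, showing the name Explorer displays when known extensions are hidden and flagging executables by extension or by the `MZ` header. The member names, sample bytes and extension sets are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Non-exhaustive sets chosen for this example.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DOCUMENT_EXTS = {".doc", ".pdf", ".txt", ".jpg", ".xls"}


def inspect_zip(data: bytes) -> list:
    """Describe each archive member without extracting anything to disk."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename)
            suffixes = [s.lower() for s in path.suffixes]
            last = suffixes[-1] if suffixes else ""
            with zf.open(info) as fh:
                is_pe = fh.read(2) == b"MZ"  # DOS/PE executable signature
            reasons = []
            if last in EXECUTABLE_EXTS:
                reasons.append("executable extension")
                if len(suffixes) > 1 and suffixes[-2] in DOCUMENT_EXTS:
                    reasons.append("decoy document extension")
            elif is_pe:
                reasons.append("PE header under non-executable name")
            findings.append({
                "name": path.name,
                # What Explorer lists when known extensions are hidden.
                "shown_as": path.stem,
                "reasons": reasons,
            })
    return findings


def build_sample() -> bytes:
    """Constructed archive; member names and inert bytes are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("UPS_invoice.doc.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("label.jpg", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"Delivery notes\n")
    return buf.getvalue()


if __name__ == "__main__":
    for f in inspect_zip(build_sample()):
        print(f["name"], "->", f["shown_as"], f["reasons"])
```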

#6 OFFLINE   YoKenny

    Super Power User

  • Members
  • 2,874 posts
  • Gender:Male
  • Location:Oshawa, Ont. Canada
  • Interests:Helping people get rid of malware on their systems then showing them how not to get re-infected again

Posted 22 July 2008 - 07:43 PM

hazelnut, on Jul 22 2008, 09:18 AM, said:

Excellent reply to your ISP Humpty, bet they didn't know what to say!!

If it was Rogers they would say FORMAT the hard drive and re-install the operating system.
"Education is what remains after one has forgotten everything he learned in school." - Albert Einstein
IE7Pro user

#7 OFFLINE   davey

    Keep it simple !

  • Members
  • 2,235 posts
  • Gender:Male
  • Location:Maryland U.S.A.

Posted 23 July 2008 - 08:21 AM

Andavari, on Jul 22 2008, 02:45 PM, said:

That's why people should configure their systems to display the file extensions. It's far too easy to put any icon into a program.

Thanks Andavari.
I always have because it only makes sense to me. This is a "CRITICAL" reason. I am glad you pointed it out.
There are so many "esthetic" options that make me want to puke!!! How esthetic is that? :lol:
:) davey
P.S. Thank you all. I think I might have fallen for that except I don't use UPS. Still is tricky though.

#8 OFFLINE   AMG

    Newbie

  • Members
  • 2 posts

Posted 23 July 2008 - 01:47 PM

Hi,
I got this email today and unfortunately we use UPS so much I opened it. When I clicked on the zip file nothing happened and my Norton alerted me that something was trying to change a registry & I blocked it. Does this mean I am not infected or do I need to call the Geek squad? Any help is appreciated.
AMG



Humpty, on Jul 22 2008, 09:51 AM, said:

Just got an email from a "United Parcel Service"

The attached word document is actually an exe in disguise and will unload malware if executed.
Virus Total
Attachment Malware.JPG


#9 OFFLINE   Humpty

    Super Hero

  • Members
  • 2,125 posts

Posted 23 July 2008 - 02:54 PM

I think you would have to execute the file within the zip to get infected and seeing as Norton stopped the zip from opening I would say you should be safe.

If you notice anything odd such as unexpected network activity then it would be advisable to post a Hijackthis log.

Any suspect attachments or files can be uploaded to Virus Total for a scan with several different av engines.

#10 OFFLINE   AMG

    Newbie

  • Members
  • 2 posts

Posted 25 July 2008 - 04:44 PM

Humpty, on Jul 23 2008, 02:54 PM, said:

I think you would have to execute the file within the zip to get infected and seeing as Norton stopped the zip from opening I would say you should be safe.

If you notice anything odd such as unexpected network activity then it would be advisable to post a Hijackthis log.

Any suspect attachments or files can be uploaded to Virus Total for a scan with several different av engines.

I did. I ran McAfee and it caught 4 trojans, repaired 1, removed 1 and then I deleted one. The last one was listed but it gave me no option to repair, remove so I am not sure what my status is at the moment. It froze my Internet Explorer and Windows Media Player but both came back after I ran the scan.

Any suggestions would be appreciated.

#11 OFFLINE   Humpty

    Super Hero

  • Members
  • 2,125 posts

Posted 26 July 2008 - 12:00 AM

You could try a scan with Dr Web Cureit which is a free standalone AV scanner.

Then run a scan with SuperAntispyware and if any probs are still around then probably post a Hijackthis log in the appropriate forum.

Which av are you using atm, Norton's or Mcafee?

#12 OFFLINE   Seanie

    Newbie

  • Members
  • 1 posts

Posted 31 March 2011 - 12:23 AM

Hi all,

I just came across an email also, supposedly from UPS and the message read as follows...

Dear customer.

The parcel was sent your home address.
And it will arrive within 3 business day.

More information and the tracking number are attached in document below.

Thank you.
© 1994-2011 United Parcel Service of America, Inc.

My God it isn't even in proper English!! (Grammar wise) There is an attachment with it (A UPS.Zip Download). Naturally I haven't opened it and I'm so glad that I read these posts first. I take it that so long as I haven't opened/downloaded the zip file, I'm ok yeah?

Regards to all :)

#13 OFFLINE   Andavari

    Captain Spectacular

  • Moderators
  • 13,330 posts
  • Gender:Male
  • Location:Shadow Moses

Posted 31 March 2011 - 12:40 AM

Seanie, on 31 March 2011 - 12:23 AM, said:

I take it that so long as I haven't opened/downloaded the zip file, I'm ok yeah?

Holy old topic revival Batman! :blink:

If you haven't downloaded or opened the attachment you're fine, just delete the email and possibly block the sender.

#14 OFFLINE   Corona

    Power Member

  • Members
  • 1,932 posts
  • Gender:Male
  • Location:US

Posted 31 March 2011 - 12:48 PM

I don't believe UPS would send an attachment anyway, they'd post all the info in the actual email. Matter of fact I don't believe UPS would email anyone except their biggest clients.

#15 OFFLINE   slowday444

    Power Member

  • Members
  • 807 posts

Posted 31 March 2011 - 03:14 PM

Another reason to use Sandboxie (or similar). If you are using web mail I'm sure Sb is already at work. If you use a POP3 client like Outlook, OE or Thunderbird, be sure to enable Sb to always run them sandboxed!