MSMVPS.COM

The Ultimate Destination for Blogs by Current and Former Microsoft Most Valuable Professionals.
Welcome to MSMVPS.COM Sign in | Help
in Search
Home Blogs Media Groups

Harry Waldron - Microsoft MVP Blog

Security News and Best Practices for corporate and home users

United Parcel Service - Fake email for package non-delivery

Email McAfee and other AV vendors are highlighting this latest social engineering attack.  A well disquised email message appears to come from UPS.  It claims that a package cannot be delivered unless the fake waybill attachment is selected. 
 
Users selecting these attachments will be infected with malicious code from a downloader that originates from a Russian website

United Parcel Service - Fake email for package non-delivery 
http://vil.mcafeesecurity.com/vil/content/v_132901.htm
http://wcco.com/techcenter/ups.email.virus.2.771489.html
http://urbanlegends.about.com/b/2008/07/15/ups-virus-warning.htm
http://www.startribune.com/local/25464324.html
http://www.ups.com/content/us/en/about/news/service_updates/virus_us.html

QUOTE: United Parcel Service is warning of a computer virus circulating under the guise of an e-mail from UPS. According to a release from UPS, the virus is attached to an e-mail that warns readers they have a shipment that couldn't be delivered unless they click on the attachment. The e-mail claims the attachment contains a waybill that will allow the undelivered package to be picked up.

COPY OF EMAIL MESSAGE: (spoofed to appear from UPS)

"Unfortunately we were not able to deliver postal package you sent on July the 1st in time because the recipient’s address is not correct. Please print out the invoice copy attached and collect the package at our office. 
 
Your UPS"

The attached file is an executable which downloads files from the following server:

hxxp: //fixaserver (dot) ru / ldr / [Removed]

Only published comments... Jul 16 2008, 03:59 PM by Harry Waldron

Comments

 

Kevin Ball said:

They seem to have updated the content of the e-mail, I received this today

Good day,

We have received a parcel for you, sent from France on July 9. Please fill out the customs declaration attached to this message and send it to us by mail or fax. The address and the fax number are at the bottom of the declaration form.

Kind regards,

Errol Hastings

Your Customs Service

July 25, 2008 5:27 AM
 

louise college said:

i have recieved this email today, i opened thew email but not the attachment, since then my computer has not worked properly, none of my number buttons work, i cannot do a system restore or open files, i have done three virus checks with 3 different companies but cannot find a virus, my computer was fine until this email came, i am not running a fourth checker that is scanning files that i shouldnt have on my system, it includes thousands of full file games which i dont even have on my system, i really think there is no hope and i may lose everything on my system, i warn anyone if you see a email from ups dont even open it, DELETE IT!!!

August 5, 2008 12:41 PM
 

Simon said:

Received the e-mail this evening - fortunately the BT filter on my e-mail account picked up the virus and deleted the file.

Also received one yesterday from another American company with a suggestion that they had received my bank statement by e-mail and wanted me to stop the bank sending further personal infomation - the attached "statement" would have been another virus but good old BT blocked that as well.

September 11, 2008 3:30 PM
 

Shane said:

I have just received this one today

Unfortunately we were not able to deliver postal package you sent on Sept the 18 in time

because the recipient's address is not correct.

Please print out the invoice copy attached and collect the package at our office

Your UPS

September 28, 2008 1:42 PM
 

Bitten said:

I have just received this one yesterday

Unfortunately we were not able to deliver postal package you sent on Sept the 28 in time

because the recipient’s address is not correct.

Please print out the invoice copy attached and collect the package at our office

Your UPS

September 30, 2008 11:47 PM
 

carm vass - b'ham england said:

I received this email today...did not open the attachment.  It said, "Unfortunately we were not able to deliver postal package you sent on Sept the 28 in time

because the recipient's address is not correct.  Please print out the invoice copy attached and collect the package at our office.  Your UPS"

October 1, 2008 12:49 PM

Leave a Comment

(required) 
(optional)
(required) 
Submit

This Blog

Syndication

Recent Posts

Archives

Personal Links


Copyright © is the original authors. Blog site is an independent site not sponsored by Microsoft. The Yoda blog server and the Brianna SQL server would like to thank www.ownwebnow.com and www.exchangedefender.com. They wouldn't be here and broadcasting without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems