UPS email attachment virus
July 23rd, 2008, 12:05 PM
#11 (permalink)
Junior Member
Join Date: Jul 2008
Posts: 1

There are different tracking numbers quoted in the message subject line. Mine says "UPS Tracking Number 9686554756". The invoice number in the attachment seems to be constant though.

July 23rd, 2008, 12:29 PM
#12 (permalink)
Junior Member
Join Date: Jul 2008
Posts: 1

We got this too:
Subject line: [RE] UPS Tracking Number 7337122362
Body:
Unfortunately we were not able to deliver postal package you sent on July the 1st in time
because the recipients address is not correct.
Please print out the invoice copy attached and collect the package at our office
Your UPS
No virus found in this incoming message.
Checked by AVG.
Version: 7.5.526 / Virus Database: 270.5.5/1568 - Release Date: 7/23/2008 6:55 AM
Sender: rqwyhiygwxd@bmwpartstore.com
Attachment: UPS_INVOICE_187271.zip
Good ol' AVG Free! (Being snide)
Fortunately, we don't ship anything UPS, so this immediately caught our eye; not to mention the recipient does not exist--we receive everything to our domain.

July 23rd, 2008, 05:46 PM
#13 (permalink)
Junior Member
Join Date: Jul 2008
Posts: 1

Quote:
Originally Posted by SiliconJon
Attention Virus Warning
There's an email going around claiming to be from UPS that is not. It claims a package delivery failure and asks the recipient to open the attached waybill, which is the actual viral payload.
Does anyone have any exact details of this email's current structure? I've found one person who said the subject was "UPS Tracking Number ....." - If anyone has any more details regarding this email I would appreciate it.

I just got this today. Luckily my antivirus removed it right away. It was a UPS tracking number, but the number was quite a bit shorter than an actual UPS tracking number. It had no UPS logos or anything. It just said that I had shipped a package on July 1st, and it had an incorrect address and to open the attachment to print the invoice to take to the UPS store to pick up my package.

July 23rd, 2008, 06:12 PM
#14 (permalink)
Junior Member
Join Date: Jul 2008
Posts: 1

July 23rd, 2008, 06:38 PM
#15 (permalink)
983571056^983571056
Join Date: Feb 2003 Location: Bethalto, IL
Posts: 7,012

Quote:
Originally Posted by ggmcbreen

No, but thanks! I'm not looking to analyze the payload, only aid in preventing its detection and/or prevention. Somebody will probably want to check it out, though.
__________________
Just because there is nothing wrong with saying what you are thinking does not mean there is nothing wrong with what you are thinking. - Jon Silveus

July 23rd, 2008, 11:40 PM
#16 (permalink)
Junior Member
Join Date: Jul 2008
Posts: 1

More info about this virus
I had a client who opened this attachment today; within 10 minutes it had downloaded and installed multiple pieces of spyware, one of them being a fake Windows Security Center warning.
The spyware infects startup items, AppInit_dlls (registry), userinit= (registry), and added a winlogon value (called 'crypt.dll' in my instance). I was able to remove the winlogon file with the utility 'moveonboot'; Google it or search for it on download.com. Seems to work pretty good.
Hope this helps.
-Brad Grorud

July 24th, 2008, 05:11 AM
#17 (permalink)
Junior Member
Join Date: Jul 2008
Posts: 2

Received this virus on a work computer, unfortunately, as a lady in admin opened the attachment.
The virus is a malware trojan, braviax.exe, which upon removal reappears as buritos.exe.
Can be removed from the registry files; CM2 Consulting have good instructions. However, I am not confident when deleting registry entries. Norton wouldn't pick up the trojan, just detected it as PERFCOO. I then found AVG wouldn't install onto the machine, so used SDFix and combofix from the myantispyware.com website. Following these instructions left me with buritos.exe trojan. AVG would then install and quickly cleaned up all the crap that was downloaded, and looking at the full list of processes running it seems to have removed all trace of the trojan.
Hope this helps someone
Nick Pearson, UK

July 24th, 2008, 07:07 AM
#18 (permalink)
Junior Member
Join Date: Jul 2008
Posts: 4

July 24th, 2008, 08:07 AM
#19 (permalink)
Junior Member
Join Date: Jul 2008
Posts: 1

I downloaded the zip file, opened it but as soon as I noticed it was an exe file I quickly deleted it (so I didn't extract it or anything like that, Winzip was only showing me what the file was). Is my computer infected? I haven't noticed anything unusual (thus far)
edit: Oh yeah, the email was from teeq@abi.qc.ca
"invoice_8712.zip (49KB)" UPS Tracking Number 8142018720
Last edited by backslahsio : July 24th, 2008 at 08:09 AM.

July 24th, 2008, 01:01 PM
#20 (permalink)
Junior Member
Join Date: Jul 2008
Posts: 1

Gmail has informed me the attachment is unsafe - could be viral, malware or spyware, I'm not downloading to find out.
from United Parcel Service <oeeh@bodygraphics.com.au>
to ***********
date Jul 23, 2008 9:52 PM
subject UPS Tracking Number 4499228271
Unfortunately we were not able to deliver postal package you sent on July the 1st in time
because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office
Your UPS
attachment
invoice_8712.zip
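
The message structure reported across this thread (a "UPS Tracking Number" subject with a 10-digit number, a sender domain unrelated to UPS, and a zip attachment holding an .exe) can be checked mechanically at the mail gateway. The following is an added example, not code from any poster in this thread; the function names, the `TRUSTED_DOMAINS` set, the list of executable extensions and the example.com/example.org addresses are assumptions, and the sample messages are constructed with inert placeholder attachments.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

SUBJECT_RE = re.compile(r"UPS Tracking Number (\d+)\b", re.I)
BRAND_RE = re.compile(r"\b(ups|united parcel service)\b", re.I)
EXEC_EXT = (".exe", ".scr", ".pif", ".com")
TRUSTED_DOMAINS = {"ups.com"}  # assumption: set to the carrier domains you accept

def triage(raw: bytes) -> list:
    """Return the reasons a raw message matches the lure reported in this thread."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    tracking = SUBJECT_RE.search(str(msg["Subject"] or ""))
    name, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    if tracking and len(tracking.group(1)) <= 10:  # thread: shorter than a real one
        reasons.append("short-tracking-number")
    if (tracking or BRAND_RE.search(name)) and domain not in TRUSTED_DOMAINS:
        reasons.append("sender-domain-mismatch")
    for part in msg.iter_attachments():
        if not (part.get_filename() or "").lower().endswith(".zip"):
            continue
        try:  # list member names only; nothing is extracted or executed
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                if any(n.lower().endswith(EXEC_EXT) for n in zf.namelist()):
                    reasons.append("executable-in-zip")
        except zipfile.BadZipFile:
            reasons.append("unreadable-zip")
    return reasons

def build_sample(subject, sender, zip_name, member):
    """Constructed test message; the zip member holds inert placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder")
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, sender, "user@example.org"
    msg.set_content("Please print out the invoice copy attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=zip_name)
    return msg.as_bytes()

LURE = build_sample("UPS Tracking Number 4499228271",
                    "United Parcel Service <sender@example.com>",
                    "invoice_8712.zip", "invoice.exe")
BENIGN = build_sample("Quarterly report", "Alice <alice@example.org>",
                      "report.zip", "report.txt")
```

`triage(LURE)` returns all three reasons and `triage(BENIGN)` returns an empty list; the zip is only listed, never unpacked.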