Thread: UPS email attachment virus
-
July 15th, 2008, 01:16 PM #1
UPS email attachment virus
Attention Virus Warning
There's an email going around claiming to be from UPS that is not. It claims a package delivery failure and asks the recipient to open the attached waybill, which is the actual viral payload.
Does anyone have any exact details of this email's current structure? I've found one person who said the subject was "UPS Tracking Number ....." - If anyone has any more details regarding this email I would appreciate it.
Last edited by SiliconJon; January 20th, 2010 at 12:15 PM.
-
July 16th, 2008, 11:05 AM #2 Junior Member
- Join Date
- Jul 2008
- Posts
- 1
UPS Attachment Virus
Just an FYI this morning I had to call UPS about delivery of a package. The customer service agent was sure to let me know to be on the alert for any UPS emails received that contain attachments. Apparently, there is a UPS email circulating that appears to contain a shipping exception but asks you to open an attachment to see what the exception is. The attachment, when opened, contains a virus.
-
July 22nd, 2008, 01:06 AM #3 Junior Member
- Join Date
- Jul 2008
- Posts
- 2
UPS EMAIL VIRUS
I got this email today, it said;
Unfortunately we were not able to deliver postal package you sent on July the 1st in time because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office
Your UPS
It contained a file called UPS_INVOICE_978172.zip (which is an archive containing an exe file --> the virus).
The spoofed email address used was gujmodmbmwax@branchoffice.com.au
-
July 22nd, 2008, 10:37 AM #5
Thank you - I was looking for some of the text that is in the email to assist in filtering the message from entering our email system should one try.
-
July 22nd, 2008, 10:55 AM #6 Junior Member
- Join Date
- Jul 2008
- Posts
- 1
UPS_INVOICE_978172.zip
I too have received this e-mail but was not bright enough to recognise it for what it was. As I just happen to be overdue a package from UPS I jumped straight in and opened the attachment. I phoned UPS who have an automated message warning about the e-mail and attaching virus but they gave no more detail. All I can tell you is that the e-mail I received used the following:-
Subject: UPS Tracking Number 0595577501
Attachments: UPS_INVOICE_978171.zip
Sent from United Parcel Services (dsrtyyksygw@bobdillonwindsorchairs.com)
The following website appears to have a copy of the attachment but I dare not open it again so I do not know what it actually does:-
This Was In My Email - BitDefender Forum
I have run and rerun my Norton 360 antivirus which detects and quarantines some Tracking Cookies but I am none the wiser as to the effects and whether my laptop is infected. To date I have not noticed any ill-effects. If you have any further information an update would be much appreciated.
Does anyone know what the virus actually does?
-
July 22nd, 2008, 11:04 AM #7
This Post states the cleanup to be easy, though I have not experienced an infection nor come across any AV vendor or security sites (whose analysis is needed) that confirm removal to be as simple.
You will want to delete any restore points created since the arrival of the infected email. **Note** Right click my computer and go to properties, click system restore tab and turn it off, otherwise you're saving your virus!
1: delete the email from the sent items, inbox, outbox and deleted items in Outlook.
2: delete every file (not folders) from your "c:/documents and settings/yourusername/localsettings/temp... folder (I suggest using spybots file shredder with a 5 pass overwrite)
3: reboot and rerun a few cleanup scans with your antispy/malware and then with your antivirus and you should be good to go.
Simple as that!
-
July 22nd, 2008, 06:17 PM #8 Junior Member
- Join Date
- Jul 2008
- Posts
- 1
UPS email file attachment
This is what I just received, I thought it was a bit suss and glad I did a bit of research before opening the attachment.
Return-Path: <jjvv@blem.com>
Received: from nskntingx05p.mx.bigpond.com ([216.212.61.154])
by nskntmtas05p.mx.bigpond.com with ESMTP
id <20080722130507.UARA16527.nskntmtas05p.mx.bigpond.com@nskntingx05p.mx.bigpond.com>;
Tue, 22 Jul 2008 13:05:07 +0000
Received: from host61-154.birch.net ([216.212.61.154])
by nskntingx05p.mx.bigpond.com with ESMTP
id <20080722130504.TXCI2223.nskntingx05p.mx.bigpond.com@host61-154.birch.net>;
Tue, 22 Jul 2008 13:05:04 +0000
Received: from [216.212.61.154] by vmx0.viatel.net; Tue, 22 Jul 2008 07:05:04 -0600
Message-ID: <01c8ebc9$43e39000$9a3dd4d8@jjvv>
From: "United Parcel Service" <jjvv@blem.com>
To: <shantidwyer@bigpond.com>
Subject: UPS Tracking Number 3897844287
Date: Tue, 22 Jul 2008 07:05:04 -0600
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0006_01C8EBC9.43E39000"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.2106.4
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4
X-RPD-ScanID: Class bulk; VirusThreatLevel high, RefID str=0001.0A150202.488542CC.0004,ss=3,sh,vtr=0001.0A150204.488518F4.0081,vl=2,vh,fgs=0
X-Antivirus: AVG for E-mail 8.0.138 [270.5.3/1565]
This is a multi-part message in MIME format.
------=_NextPart_000_0006_01C8EBC9.43E39000
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Unfortunately we were not able to deliver postal package you sent on July the 1st in time
because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office
Your UPS
No virus found in this incoming message.
Checked by AVG - AVG Anti-Virus and Internet Security - Real-time protection against viruses, spyware and malicious websites
Version: 8.0.138 / Virus Database: 270.5.3/1565 - Release Date: 7/21/2008 6:36 PM
------=_NextPart_000_0006_01C8EBC9.43E39000
Content-Type: application/zip;
name="UPS_INVOICE_978172.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="UPS_INVOICE_978172.zip"
-
July 23rd, 2008, 07:36 AM #9 Junior Member
- Join Date
- Jul 2008
- Posts
- 1
UPS virus email
Here's a copy and paste from the email:
-----Original Message-----
From: United Parcel Service [mailto:ter@tequa.com]
Sent: Monday, July 21, 2008 5:58 PM
To:
Subject: UPS Tracking Number 3414109644
Viruses found in the attached files.
The file UPS_INVOICE_978172.zip: Trojan horse SHeur.BXZJ. The attachment was moved to the virus vault.
The original message follows:
Unfortunately we were not able to deliver postal package you sent on July the 1st in time because the recipient's address is not correct.
Please print out the invoice copy attached and collect the package at our office
Your UPS
-
July 23rd, 2008, 09:33 AM #10 Junior Member
- Join Date
- Jul 2008
- Posts
- 1
UPS virus
I have today received this e-mail from 'UPS':
Unfortunately we were not able to deliver postal package you sent on July the 1st in time
because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office
Your UPS
The attachment is a zip file which made me immediately suspicious adding to the strange e-mail sender's address (tennisqueen5dd@pokigo.net)
Hope this helps!
-
July 23rd, 2008, 11:05 AM #11 Junior Member
- Join Date
- Jul 2008
- Posts
- 1
Message title
There are different tracking numbers quoted in the message subject line. Mine says "UPS Tracking Number 9686554756". The invoice number in the attachment seems to be constant though.
-
July 23rd, 2008, 11:29 AM #12 Junior Member
- Join Date
- Jul 2008
- Posts
- 1
UPS Email
We got this too:
Subject line: [RE] UPS Tracking Number 7337122362
Body:
Unfortunately we were not able to deliver postal package you sent on July
the 1st in time
because the recipients address is not correct.
Please print out the invoice copy attached and collect the package at our
office
Your UPS
No virus found in this incoming message.
Checked by AVG.
Version: 7.5.526 / Virus Database: 270.5.5/1568 - Release Date: 7/23/2008
6:55 AM
Sender: rqwyhiygwxd@bmwpartstore.com
Attachment: UPS_INVOICE_187271.zip
Good ol' AVG Free! (Being snide)
Fortunately, we don't ship anything UPS, so this immediately caught our eye; not to mention the recipient does not exist--we receive everything to our domain.
-
July 23rd, 2008, 04:46 PM #13 Junior Member
- Join Date
- Jul 2008
- Posts
- 1
UPS Virus
I just got this today. Luckily my antivirus removed it right away. It was a UPS tracking number, but the number was quite a bit shorter than an actual UPS tracking number. It had no UPS logos or anything. It just said that I had shipped a package on July 1st, and it had an incorrect address and to open the attachment to print the invoice to take to the UPS store to pick up my package.
-
July 23rd, 2008, 05:12 PM #14 Junior Member
- Join Date
- Jul 2008
- Posts
- 1
UPS bogus email
I just got it - do you want me to forward it to you? If so, please email me at gigi@charmingstation.com
-
July 23rd, 2008, 05:38 PM #15
-
July 23rd, 2008, 10:40 PM #16 Junior Member
- Join Date
- Jul 2008
- Posts
- 4
More info about this virus
I had a client who opened this attachment today, within 10 minutes it had downloaded and installed multiple pieces of spyware, one of them being a fake windows security center warning.
The spyware infects startup items, AppInit_dlls (registry), userinit= (registry), and added a winlogon value (called 'crypt.dll' in my instance). I was able to remove the winlogon file with the utility 'moveonboot', google it or search for it on download.com, seems to work pretty good.
Hope this helps.
-Brad Grorud
-
July 24th, 2008, 04:11 AM #17 Junior Member
- Join Date
- Jul 2008
- Posts
- 2
UPS Email virus
Received this virus on a work computer unfortunately as a lady in admin opened the attachment.
The virus is a malware trojan braviax.exe which upon removal reappears as buritos.exe.
Can be removed from the registry files. Cm2 consulting have good instructions (CM2 Consulting), however I am not confident when deleting registry entries. Norton wouldn't pick up the trojan, just detected it as PERFCOO. I then found AVG wouldn't install onto the machine so used SDFix and combofix from the myantispyware.com website. Following these instructions left me with buritos.exe trojan. AVG would then install and quickly cleaned up all the crap that was downloaded and looking at the full list of processes running it seems to have removed all trace of the trojan.
Hope this helps someone
Nick Pearson, UK
-
July 24th, 2008, 07:07 AM #18 Junior Member
- Join Date
- Jul 2008
- Posts
- 1
I downloaded the zip file, opened it but as soon as I noticed it was an exe file I quickly deleted it (so I didn't extract it or anything like that, Winzip was only showing me what the file was). Is my computer infected? I haven't noticed anything unusual (thus far)
edit: Oh yeah, the email was from teeq@abi.qc.ca
"invoice_8712.zip (49KB)"
UPS Tracking Number 8142018720
Last edited by backslahsio; July 24th, 2008 at 07:09 AM.
-
July 24th, 2008, 12:01 PM #19 Junior Member
- Join Date
- Jul 2008
- Posts
- 1
UPS Viral Email
Gmail has informed me the attachment is unsafe - could be viral, malware or spyware, I'm not downloading to find out.
from United Parcel Service <oeeh@bodygraphics.com.au>
to ***********
date Jul 23, 2008 9:52 PM
subject UPS Tracking Number 4499228271
Unfortunately we were not able to deliver postal package you sent on July the 1st in time
because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office
Your UPS
attachment
invoice_8712.zip
-
July 24th, 2008, 03:14 PM #20 Junior Member
- Join Date
- Jul 2008
- Posts
- 1
We opened the UPS file-- Bad results!
By mistake, one of my employees opened the email that is the subject of this thread. It was bad news! His computer is now not operable. We cannot open Outlook, or any web browser, or any programs. We have our techies working on it.
It is BAD NEWS! The email was quite clever-- I had received several of these emails (without opening it fortunately) but I had to look closely to recognize that it was not UPS.
DO NOT OPEN THE FAKE UPS EMAILS!
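For the mail-filtering question raised in post #5, the indicators reported across this thread can be combined into one check. This is an added example, not code posted by any participant. It assumes legitimate UPS mail comes only from ups.com, adds a few executable extensions beyond the .exe reported here, and uses hypothetical function names with a constructed sample message carrying a harmless zip.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

SUBJECT_RE = re.compile(r"UPS Tracking Number \d{10}\b")  # every subject quoted in the thread
BODY_PHRASE = "not able to deliver postal package"         # constant across all reports
RISKY_EXT = (".exe", ".scr", ".pif", ".com")  # thread reports .exe; the rest are an assumption

def zip_has_executable(data: bytes) -> bool:
    """List archive members without extracting; unreadable archives count as risky."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith(RISKY_EXT) for n in zf.namelist())
    except zipfile.BadZipFile:
        return True

def indicators(raw: bytes) -> list:
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    claims_ups = re.search(r"\bUPS\b|United Parcel", name, re.I)
    if claims_ups and domain != "ups.com" and not domain.endswith(".ups.com"):
        hits.append("from-mismatch")   # display name says UPS, address does not
    if SUBJECT_RE.search(str(msg.get("Subject", ""))):
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and BODY_PHRASE in " ".join(body.get_content().split()):
        hits.append("body")            # whitespace-normalised, survives re-wrapping
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(".zip") and zip_has_executable(part.get_content()):
            hits.append("zip-exe")     # does not depend on the changing invoice number
    return hits

def make_sample(member: str = "UPS_INVOICE.exe") -> bytes:
    """Constructed message: sender and subject from post #8, placeholder zip content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not a program")
    m = EmailMessage()
    m["From"] = '"United Parcel Service" <jjvv@blem.com>'
    m["Subject"] = "UPS Tracking Number 3897844287"
    m.set_content("Unfortunately we were not able to deliver postal package "
                  "you sent on July the 1st in time")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                     filename="UPS_INVOICE_978172.zip")
    return m.as_bytes()
```

Matching on the archive contents rather than the attachment name keeps the rule working across the UPS_INVOICE_*.zip and invoice_8712.zip variants reported above.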