Tag Archives: UPS

3..2..1 – UPS Malware Blasts Off!

imageMy friends over at Commtouch, got me on the horn to advise me that the UPS email scam (with malware attached), has bounced up significantly. From what I can see, the malware is a Fake Alert Tojan which installs a rogue security application. So, be on your guard.

I’m on vacation this week, so I’ll post the Commtouch Café blog article verbatim.

A wild malware rollercoaster – over 500% increase

The UPS name is once again being used to spread vast amounts of email-attached malware.   The last week has seen an extraordinary increase – over 5.5 times the average level before the outbreak.  The attack closely resembles the large outbreak reported on at the end of March.  The graph below illustrates the increase:

image

There are numerous versions of the email text – some examples:

Good afternoon!

Dear Client , Recipient’s address is wrong

Please fill in attached file with right address and resend to your personal manager

With best regards , Your USPS .com Customer Services

Good afternoon!

Dear User , Delivery Confirmation: FAILED

Please print out the invoice copy attached and collect the package at our department

With respect to you , Your UPS Services

GOOD AFTERNOON!

Dear Client , We were not able to delivery the postal package

Please fill in attached file with right address and resend to your personal manager

With Respect , Your UPS .COM

ATTENTION!

DEAR CLIENT , RECIPIENT’S ADDRESS IS WRONG

PLEASE PRINT OUT THE INVOICE COPY ATTACHED AND COLLECT THE PACKAGE AT OUR DEPARTMENT

With best wishes , Your USPS .us Customer Services

These emails also come with a range of subjects such as:

  • USPS Attention 060532
  • USPS: DELIVER CONFIRMATION – FAILED 17592718
  • USPS id. 182407
  • USPS DELIVERY CONFIRMATION 7264145
  • From USPS 4009717
  • Your USPS id. 44531036
  • USPS ATTENTION 44123265

In the previous attack the filenames were quite limited – unlike this attack – some examples:

  • “ups_NR9Yl2673.zip”
  • “Ups_NR5pY500268590.zip”
  • “UPS_NR5Da3052.zip”
  • “MyUps_NR9hN8574.zip”
  • “MYUPS_NR5gX736615890.zip”

Reminder: In the last series of attacks the subjects were changed to use the DHL brand a few days after the initial attack.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

2 Comments

Filed under Cyber Crime, Don't Get Scammed, Don't Get Hacked, email scams, Malware Advisories