
Zero Day

Ryan Naraine and Dancho Danchev

Spamvertised United Parcel Service emails lead to scareware

June 10, 2011, 4:01am PDT

Summary: A currently ongoing malware campaign is impersonating the United Parcel Service.

A currently ongoing malware campaign is impersonating the United Parcel Service (UPS) in an attempt to trick users into executing the malicious UPS_Document.zip attachment.

Sample attachments: UPS_Document.zip

Sample subject: United Parcel Service notification

Sample message: Good morning
Parcel notification, The parcel was sent your home adress. And it will arrive within 3 buisness days. More information and the parcel tracking number are attached in document below. Thank you

United Parcel Service of America (c)
153 James Street, Suite100, Long Beach CA, 90000

Upon execution, the malware sample downloads a scareware variant detected as Mal/FakeAV-LI. Users are advised to pay extra attention when interacting with suspicious emails.
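A mail-triage check for the lure pattern described above, as an added example that is not part of the original post: it flags a message whose subject names the courier brand and whose .zip attachment holds a directly executable file. The extension list, the inner file name `UPS_Document.exe`, and the sender and recipient addresses are assumptions; the sample message is constructed and carries a harmless placeholder.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions treated as directly executable on Windows.
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")
# Courier brand named in the article; whole-word match avoids hits like "groups".
BRAND_RE = re.compile(r"\b(united parcel service|ups)\b")

def triage(raw: bytes) -> list[str]:
    """Return the reasons a message resembles the fake-courier lure."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    if BRAND_RE.search((msg["Subject"] or "").lower()):
        findings.append("subject names courier brand")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_content())) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            findings.append(f"{name}: unreadable archive")
            continue
        for member in members:
            if member.lower().endswith(EXEC_EXT):
                findings.append(f"{name}: contains executable {member}")
    return findings

def build_sample() -> bytes:
    """Constructed message modelled on the article's sample (harmless payload)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("UPS_Document.exe", b"placeholder, not a real program")
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = "United Parcel Service notification"
    m.set_content("Good morning\nParcel notification ...")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename="UPS_Document.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```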


Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.


He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community on a daily basis.

Talkback Most Recent of 3 Talkback(s)

  • I've been getting those a couple of times per day in my Spam folder.
    As well as some purporting to be from DHL and FedEx.

    They get deleted without ever being opened.
    Hallowed are the Ori
    10th Jun
  • Errrrr
    People still falling for this crap? They've been trying this junk for years.
    Gis Bun
    10th Jun
  • Errrr #2
    Anyone notice that the message was sent in June, yet the message shows "May 2011"? As well, it says the parcel was "sent" - as if it was already delivered. They also include the fake parcel number in the message and then say it's included in the attached document - a.k.a. malware. At least the "good morning" was valid.
    Gis Bun
    10th Jun
