Spamvertised United Parcel Service notifications lead to malware

Summary: A currently spamvertised campaign is brand-jacking United Parcel Service (UPS) for malware-serving purposes.

TOPICS: Security, Malware

Sample subject: United Parcel Service notification

Sample attachments: UPSnotify.rar; UPSnotify.exe

Sample message: Dear customer. The parcel was sent your home address. And it will arrive within 7 business day. More information and the tracking number are attached in document below. Thank you. © 1994-2011 United Parcel Service of America, Inc.

Upon execution, the malware (UPSnotify.exe) downloads additional binaries, including a scareware variant. Users are advised to avoid interacting with suspicious attachments.
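
As an added example (not part of the original post), this is how a mail gateway could triage attachments like the ones named above: block executables outright, look inside ZIP archives for executable members, and hold RAR archives it cannot open. The extension blocklist, helper names and sample messages are assumptions constructed for illustration; the archive members contain harmless placeholder bytes.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com")  # assumed blocklist

def zip_of(names):
    """Build an in-memory ZIP whose members hold harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed placeholder, not a real binary")
    return buf.getvalue()

def make_message(attachments):
    """Constructed sample message; the subject is the one quoted in the article."""
    msg = EmailMessage()
    msg["Subject"] = "United Parcel Service notification"
    msg.set_content("Dear customer. ...")
    for filename, data in attachments.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def triage(raw):
    """Return one finding per attachment that should be quarantined."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        low = name.lower()
        if low.endswith(EXECUTABLE_EXT):
            findings.append(f"executable attachment: {name}")
        elif low.endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    members = zf.namelist()
            except zipfile.BadZipFile:
                findings.append(f"unreadable archive: {name}")
                continue
            findings += [f"executable inside {name}: {n}" for n in members if n.lower().endswith(EXECUTABLE_EXT)]
        elif low.endswith(".rar"):
            # The standard library cannot read RAR; hold it for a scanner that can.
            findings.append(f"archive not inspected: {name}")
    return findings

if __name__ == "__main__":
    raw = make_message({"UPSnotify.zip": zip_of(["UPSnotify.exe"]), "UPSnotify.rar": b"constructed"})
    print("\n".join(triage(raw)))
```

Filename checks catch only the lazy case; a gateway would pair this with content-type sniffing and sandbox detonation, since attachment names are attacker-controlled.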

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback

19 comments
  • RE: Spamvertised United Parcel Service notifications lead to malware

    thanks, just had a user attempt to download one of these this morning. Thankfully, our Netgear UTM blocked it.
    PepperdotNet
  • Seems like wasted breath.

    "Users are advised to avoid interacting with suspicious attachments."

    If they haven't learned this by now they're not likely to ever do so.
    ye
  • RE: Spamvertised United Parcel Service notifications lead to malware

    Get various ones each week
    gordygreytop@...
  • RE: Spamvertised United Parcel Service notifications lead to malware

    This UPS-themed attachment was detected and blocked by Yahoo email's Norton scan. However, the Fedex-themed attachment received last week wasn't. Just goes to show how lame AV is these days.

    VirusTotal's look at the Fedex attachment:
    http://www.virustotal.com/file-scan/report.html?id=cb082f9a9b0df4deaa755d88f4b6431ecda5deea7d36791a4c1938c2b7d3438c-1300651243
    ejhonda
    • A/V has been lame for quite some time.

      @ejhonda: "Just goes to show how lame AV is these days."

      Yet it continues to be recommended as a means to protect your computer. IMO A/V software essentially is limited to helping people catch known trojans.
      ye
    • RE: Spamvertised United Parcel Service notifications lead to malware

      @ejhonda: "However, the Fedex-themed attachment received last week wasn't."

      I had just the opposite effect. I even signed up on Norton, just so I could post how sorry their AntiVirus is. I found it strange, that in the UPS email, Norton would catch it about 1 in 20 times I tried to open it! If the AV does not catch it the first time, what good is it? I am so sick of Norton, I figured this would put it in their face!

      http://community.norton.com/t5/Norton-Internet-Security-Norton/Norton-AntiVirus/m-p/421976#M153090

      No viruses detected
      The virus scan did not find any viruses in your attachment. Click the download button to continue.
      United Parcel Service document.zip (6KB)

      Virus detected
      The attachment you are trying to download contains a virus and it can not be cleaned.
      FedEx notice.zip (10KB)
      HRIRAR
  • RE: Spamvertised United Parcel Service notifications lead to malware

    I should have known better, but because I was expecting a package I thought this might have been legit and downloaded it, now I can't get rid of it. Advice please!
    Becabpg
    • RE: Spamvertised United Parcel Service notifications lead to malware

      @Becabpg I'm guilty of the same thing, Norton did catch it but I thought it was a mistake as I too was expecting something via UPS, but anyway, I used combofix, from bleeping.com (pay attention to the .com, it is NOT .org) and it has worked (so far). I hope you're as lucky with it as I was.
      cjbcarousel
  • Think a bit

    Really....just use your brain a little and people could avoid these issues. I mean, how would UPS get your email address?
    candy21
    • RE: Spamvertised United Parcel Service notifications lead to malware

      @candy21: "I mean, how would UPS get your email address?" The BIG clue to me was, both UPS and FedEx had multiple email Cc:s. As for UPS having personal email addresses, I do a lot of business with both companies. I gave them my email address, so they can keep me informed of my package tracking. Only both of these had multiple Cc:s, all with Yahoo emails, and all were alphabetically sequenced. DEAD giveaway!!
      HRIRAR
  • Incomplete story

    While it was good to alert people, nothing was said about how it installed into your computer, and if a rollback would undo its damage or what to do. If you write an article about something like this, then increase the value of the article by providing repair solutions that are known to work. And for the comments section, the old rules don't always work. If you've never been caught, your day is coming and with the thousands of malware/virus/spoofs that are out there, your day to be foiled may be just around the corner. Be quick to help, not condemn or ridicule.
    david@...
  • RE: Spamvertised United Parcel Service notifications lead to malware

    I received 2 of these UPS emails and was receiving pkg's I was expecting from them. Since the arrival dates were wrong, I finally decided to open them, also because I had cancelled one of the pkg's. I can't remove them from my inbox, when attachment is clicked they go to a zip file, but can't be opened. I have Norton. Am I protected from Malware?
    artjud
    • RE: Spamvertised United Parcel Service notifications lead to malware

      @artjud: "I have Norton. Am I protected from Malware?"
      First read the reply I sent to candy21. Dead giveaway!
      Second, to answer this question in two letters: NO!
      Read the reply I sent to ejhonda.
      HRIRAR
    • RE: Spamvertised United Parcel Service notifications lead to malware

      OOPS
      HRIRAR
  • RE: Spamvertised United Parcel Service notifications lead to malware

    I got that e-mail today and some other day. I don't click on the attachment since I'm afraid my computer will go bad. Luckily, I have Trend Micro Internet Security on my home computer since March 10 of this year. Especially if I rebuild my brother's computer and upgrade my grandpa's old IBM Aptiva, I might want to install either the Microsoft Security Essentials (Freeware - $0.00) or upgrade my Trend Micro to a 3-user subscription (for $20.00 more). For those who have a crappy Anti-Virus, like McAfee, Norton, or others, except for Microsoft Security Essentials, ESET Nod32 Anti-Virus, or Trend Micro, I would recommend you get the Trend Micro Internet Security Suite (approx. $29.99 MSRP + State Tax for a 1-user edition, $49.99 MSRP + State Tax for a 3-user edition, or $79.99 MSRP + State Tax for a 5-user edition). If you get something from USPS (United States Postal Service) or FDIC (Federal Deposit Insurance Corporation) with a tracking number, add the recipient's e-mail address to your blacklist (block this e-mail)* and delete the e-mails immediately since your computer will get infected, even Mac's and Linux OSes can still get infections.

    *go to your ISP's e-mail help, or other e-mail client's help guide to block e-mails. For Hotmail/Windows Live Mail, check the box on the e-mail that's in the Junk mail folder (or Microsoft blocks those e-mails), click Sweep and click on Block From (adds the e-mail addresses to the blacklist) and click OK, and delete the e-mail(s) from your Delete folder.
    ben_ben2
  • RE: Spamvertised United Parcel Service notifications lead to malware

    I actually have been in fact awaiting some response from the united parcel so I did not hesitate in opening the attachment and downloading it to my laptop. When I opened it, there were over 50 different files that needed to be extracted. At that point, I realized that it may be some type of virus. What can I do to insure my computer is safe from this attachment?
    Alwaysliz0920
  • RE: Spamvertised United Parcel Service notifications lead to malware

    I received an Email claiming to be a UPS notification. A couple of interesting points. #1) My Hotmail had automatically detected it as SPAM and dumped it in the Junk folder. #2) Upon examination 2 red flags went up. It had 2 attachments .... one an HTM doc, the other a zip file. Any kind of attachments in this kind of mail is a red flag. However HTM and zips are a dead give away that something is wrong. Another thing you people who are using or depending on the big Three to protect you .... (Norton-McAfee-Trendmicro) Don't know what this bunch did to make cyberspace as unsafe as it is. I highly recommend NOD32 or Kaspersky. BitDefender looks to be pretty good too.
    Craigs Computers
  • RE: Spamvertised United Parcel Service notifications lead to malware

    A great phishing email too. The format was very close to the actual UPS mails. A great way to socially engineer the victims IMHO.
    - Pooja
    http://www.brightaxis.com
    brightaxis
  • RE: Spamvertised United Parcel Service notifications lead to malware

    Great!!! thanks for sharing this information to us!
    talih