15 July 08 - "...The aim of these emails is not to inform us of the impossibility to deliver a postal package, but to entice us to open the attached file to infect our computers (detected as Trj/Agent.JEN). This malware is copied in the system, replacing the Windows Userinit.exe (this file is the one which runs explorer.exe, the interface of the system and other important processes), copying the legitimate file as userini.exe, so that the computer can work properly. Additionally, it establishes a connection with a Russian domain, which has been used on some occassions by banker Trojans. From this domain it will redirect the request to a German domain in order to download a rootkit and a rogue antivirus, detected as Rootkit/Agent.JEP and Adware/AntivirusXP2008 respectively..."
"We have become aware there is a fraudulent email being sent that says it is coming from UPS and leads the reader to believe that a UPS shipment could not be delivered. The reader is advised to open an attachment reportedly containing a waybill for the shipment to be picked up. This email attachment contains a virus. We recommend that you do not open the attachment, but delete the email immediately. UPS may send official notification messages on occasion, but they rarely include attachments..."
July 16, 2008 (Screenshots...)
Edited by apluswebmaster, 16 July 2008 - 03:30 PM.