Fake UPS Invoice - email virus...


1 reply to this topic

#1 AplusWebMaster

  • SWI Friend
  • 11,104 posts

Posted 16 July 2008 - 02:17 PM

FYI...

- http://pandalabs.pan...oice-Email.aspx
15 July 08 - "...The aim of these emails is not to inform us of the impossibility to deliver a postal package, but to entice us to open the attached file to infect our computers (detected as Trj/Agent.JEN). This malware is copied in the system, replacing the Windows Userinit.exe (this file is the one which runs explorer.exe, the interface of the system and other important processes), copying the legitimate file as userini.exe, so that the computer can work properly. Additionally, it establishes a connection with a Russian domain, which has been used on some occasions by banker Trojans. From this domain it will redirect the request to a German domain in order to download a rootkit and a rogue antivirus, detected as Rootkit/Agent.JEP and Adware/AntivirusXP2008 respectively..."

* http://www.ups.com/c...s/virus_us.html
"We have become aware there is a fraudulent email being sent that says it is coming from UPS and leads the reader to believe that a UPS shipment could not be delivered. The reader is advised to open an attachment reportedly containing a waybill for the shipment to be picked up. This email attachment contains a virus. We recommend that you do not open the attachment, but delete the email immediately. UPS may send official notification messages on occasion, but they rarely include attachments..."

- http://blog.trendmic...rojans-deliver/
July 16, 2008 (Screenshots...)

//

Edited by apluswebmaster, 16 July 2008 - 03:30 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
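
A host-side check for the file swap described in the PandaLabs quote above, as an added example that is not part of the original posts or of the PandaLabs write-up. Only the userinit.exe / userini.exe names come from the quote; the function name Test-UserinitSwap and the signature heuristic (a replaced userinit.exe is assumed not to verify as a Microsoft-signed binary) are assumptions made for illustration.

```powershell
# Added example (not from the thread). Assumes PowerShell 5.1 or later.
function Test-UserinitSwap {
    param(
        # Directory to inspect; defaults to the live System32.
        [string]$SystemDir = (Join-Path $env:SystemRoot 'System32')
    )

    $userinit = Join-Path $SystemDir 'userinit.exe'
    $renamed  = Join-Path $SystemDir 'userini.exe'   # name given in the quoted write-up
    $findings = @()
    $hashes   = @{}

    # 1. The quote says the legitimate file is kept under the name userini.exe.
    if (Test-Path -LiteralPath $renamed) {
        $findings += "userini.exe present: $renamed"
        $hashes['userini.exe'] = (Get-FileHash -LiteralPath $renamed -Algorithm SHA256).Hash
    }

    if (Test-Path -LiteralPath $userinit) {
        $hashes['userinit.exe'] = (Get-FileHash -LiteralPath $userinit -Algorithm SHA256).Hash

        # 2. Assumption: a replaced userinit.exe no longer verifies as signed
        #    by Microsoft. Treat a hit as a lead to review, not a verdict.
        $sig = Get-AuthenticodeSignature -FilePath $userinit
        if ($sig.Status -ne 'Valid') {
            $findings += "userinit.exe signature status: $($sig.Status)"
        } elseif ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
            $findings += "userinit.exe signed by: $($sig.SignerCertificate.Subject)"
        }
    } else {
        $findings += "userinit.exe missing from $SystemDir"
    }

    # One object per run, so results from many hosts can be collected and compared.
    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Suspicious = ($findings.Count -gt 0)
        Findings   = $findings
        SHA256     = $hashes
    }
}

Test-UserinitSwap | Format-List
```

The SHA256 values are there so both files can be compared against a known-good copy from the same Windows build before anything is restored or deleted.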

#2 snemelk

    inżynier

  • Expert
  • 3,101 posts

Posted 16 July 2008 - 02:38 PM

yep...

Info in Polish as well:

http://di.com.pl/new...zalaczniku.html

snemelk.hekko.pl - - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.




Member of UNITE