Malware disguising as attachment of UPS notification email

by Tiejun Wang
January 28, 2009 at 11:01 am

If you have received an email that appears to be from UPS, be careful and do not open its attachment hastily. Some spammers are impersonating UPS to spread malware.

Here’s a screenshot of the sample email:

[Screenshot: sample spam email]

The attachment to this email appears to be a compressed archive. It actually contains malware that looks like a Microsoft Word or Excel file. If your system is set to hide known file extensions, you can easily be fooled. The malware samples that we have collected have names like UPS_letter.doc.exe, UPSInvoice77179.exe and UPSInvoice_019002.exe. If you execute one of these files, a banking Trojan will infect your system.

This type of spam appeared in mid-October last year, and its volume is still increasing. Based on our statistics, it has reached 6.84 percent of the total spam volume. According to our analysis, most of this spam originates from the USA, the UK and Canada.

In order to evade antispam detection, variants of this spam have appeared. Spammers have used not only “UPS” but also “UMS” as a disguise. For example, the “UMS” spam messages are about a contract (lease contract, opening an account, etc.). The attachment is usually called something like “Contract_N45.zip” and contains a malware variant.
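As an added example (not Fortinet's code), the check below lists a ZIP attachment's members and flags executables, including the decoy-extension pattern described above, and shows the name a user would see when Windows hides known extensions. The extension sets and function names are assumptions chosen for illustration, and the sample archive is constructed in memory with placeholder bytes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed subsets for illustration, not exhaustive lists.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".doc", ".xls", ".pdf", ".txt", ".jpg"}


def classify_name(name):
    """Return 'double-extension', 'executable' or None for one member name."""
    path = PurePosixPath(name.replace("\\", "/"))
    suffixes = [s.lower().strip() for s in path.suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan_zip(data):
    """Return (member, name shown with extensions hidden, verdict) per flagged file."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            verdict = classify_name(info.filename)
            if verdict:
                shown = PurePosixPath(info.filename).stem
                findings.append((info.filename, shown, verdict))
    return findings


def build_sample_zip():
    """Constructed sample: placeholder bytes under the file names the article lists."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("UPS_letter.doc.exe", "UPSInvoice77179.exe",
                     "UPSInvoice_019002.exe", "readme.txt"):
            zf.writestr(name, b"placeholder, not a real sample")
    return buf.getvalue()


if __name__ == "__main__":
    for member, shown, verdict in scan_zip(build_sample_zip()):
        print(f"{verdict:17} {member!r} (shown as {shown!r} with extensions hidden)")
```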

The Fortinet antispam team has been keeping close watch on this type of spam.

Author bio: Tiejun Wang is a Fortinet anti-spam analyst.

4 Responses to “Malware disguising as attachment of UPS notification email”

  1. Very informative article. Thanks Again. Fantastic.

  2. IT Engineer says:

    I knew exactly what this was before attempting to download the attachment. I was just testing Yahoo’s anti-virus scanning and it worked fine on this attachment. Since I don’t use Windows, this malware wouldn’t matter to my operating system anyway. It’s just good to know that Yahoo would have saved my system even if I were using Windows.

  3. James Barrett Jr. says:

    I have recently been receiving several UPS and FedEx notifications via e-mail. My computer has “captured” them as spam, and I always delete them. Just for your information! I get, on average 5 to 8 weekly!

  4. Joe Beetze says:

    Got “UPS Notification” in my Yahoo spam folder (should have been my first clue). Was a .zip file, which then “activated Win 7 Anti Virus”. Every time I tried to open a Web browser, the “Win7 Anti Virus” would supposedly run, informing me of various malware I was infected with. Could not get beyond the scan, and a menu wanting me to buy the Anti Virus program.

    After trying several work-arounds, simply restored my system to a previous known-good version (I have Windows 7, which thankfully establishes versions prior to any installs). All is OK now.

    Ciao.
