More UPS Invoice E-Mails with Infected Attachment (Full Version)

awenlock -> More UPS Invoice E-Mails with Infected Attachment (9/17/2008 4:17:52 PM)

It seems that the UPS invoice tracking e-mails have re-surfaced again.  Reports on the ISC website have details of an example e-mail:

quote:


Email header:

To: victims@email.address
Subject: Re: missing package
From: John Henry <johnhenry.support@ups.com>
Reply-To: johnhenry.support@ups.com

Email body:

Mr./Mrs. Victims First and Last name

I am sorry for this late reply, but we have good news.

We managed to track your package, and we have attached the
invoice you asked for to this reply.

The invoice contains the correct tracking# , since the one
you gave us was invalid.

You can use it on the ups website to track your shipment.

Thank you
John Henry
UPS Customer Care Department


From: victim’s name and email address
Subject: missing package
To: support@ups.com
Date: Monday, September 8 , 2008, 10:38 AM

I have recently used UPS to send a package to my cousin but
he never received it.

Also , the tracking number doesn't check on the website, and
I lost the invoice.

Can you forward me a copy?



Here you have the tracking# : 03073332100016836200


It seems that the attachment name is invoice.zip.

As with any new virus, the detection is slowly catching up.  At the time of the article on ISC, only 9 virus products out of 36 detected the virus, but I'm sure this will have improved by now as more vendors put detection into their virus updates.

Certainly one to keep an eye on and make sure your users are aware.


Links:
ISC: http://isc.sans.org/diary.html?storyid=5051


Regards
Alan
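
Added example (not part of the original post or the ISC diary): a mail-triage check that flags the traits of the quoted e-mail, namely a From address claiming ups.com, the "missing package" subject and an attachment named invoice.zip, and lists the archive's member names without extracting anything. The `triage` and `build_sample` names, the extension list and the `invoice.exe` member in the constructed sample are assumptions; the post does not say what the archive contains.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Traits of the lure as quoted in the post above.
LURE_DOMAIN, LURE_SUBJECT, LURE_ATTACHMENT = "ups.com", "missing package", "invoice.zip"
# Assumption (not from the post): extensions treated as executable content.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat")

def triage(raw: bytes) -> dict:
    """Return indicator names and archive member names for one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits, members = [], []
    addr = parseaddr(str(msg.get("From", "")))[1].lower()
    if addr.endswith("@" + LURE_DOMAIN):
        hits.append("from-claims-ups")  # From is forgeable: a claim, not proof
    if LURE_SUBJECT in str(msg.get("Subject", "")).lower():
        hits.append("subject-missing-package")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name == LURE_ATTACHMENT:
            hits.append("attachment-invoice-zip")
        if not name.endswith(".zip"):
            continue
        try:  # list names only; nothing is extracted or executed
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True) or b"")) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            hits.append("zip-unreadable")
            continue
        members += names
        if any(n.lower().endswith(RISKY_EXT) for n in names):
            hits.append("zip-contains-executable")
    return {"indicators": hits, "archive_members": members}

def build_sample(member: str = "invoice.exe") -> bytes:
    """Constructed test message: headers from the quoted lure, harmless payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder text, not malware")  # constructed member
    msg = EmailMessage()
    msg["From"] = "John Henry <johnhenry.support@ups.com>"
    msg["To"] = "victim@example.com"
    msg["Subject"] = "Re: missing package"
    msg.set_content("We managed to track your package ...")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Because signature coverage was still low when the diary was written, a structural check like this can quarantine the message for review before the scanner's updates catch up.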



