Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider


Site Navigation



Issue 84 - August 2008 - Page 5

Pages in this month's issue:
  1. Barack Obama in Afghanistan Protest Email
  2. 'Buy Airplane Ticket Online' Trojan Email
  3. Rottnest Island Great White Shark Hoax
  4. Robert Mugabe Mansion Photographs
  5. Not Able to Deliver UPS Package Malware Email
  6. Prime Minister Howard - Muslims Out Of Australia
  7. Lightning Storm Meets Volcanic Eruption Photos
  8. Ball Girl Wall Climb Catch Video
  9. Google Workplace Photographs - Google's Zurich Office
  10. Google AdWords Phishing Scam
  11. German Truck Art
  12. Lottery Scam Payment Requests - Sky Express Couriers
  13. Diamond Covered Mercedes Photographs
  14. Incredible Chinese Love Story
  15. Johan Lorbeer Gravity Defying Street Performance Photographs
  16. Nadezhda - Russian Dating Scammer
  17. Fake $5 Off Target Coupons

Issue 84 Start Menu

Previous Article            Next Article

Not Able to Deliver UPS Package Malware Email

Summary:
Email purporting to be from delivery company, UPS, claims that a package sent by the recipient could not be delivered. The message instructs the recipient to open an attachment to print out an invoice (Full commentary below).



Status:
False - Attachment carries malware

Example:(Received, July 2008)
From: "UPS Packet Service"

Subject: UPS Paket N0143034179


Unfortunately we were not able to deliver postal package you sent on July the 1st in time because the recipient's address is not correct.
Please print out the invoice copy attached and collect the package at our office

Your UPS




Commentary:
According to this email message, United Parcel Service (UPS) could not deliver a package sent by the recipient because the delivery address was incorrect. The email urges the recipient to open an attached file so that an invoice for the package can be printed out.

However, the email was not sent by UPS and the information about the package delivery failure is untrue. In fact, the email attachment contains a malicious computer program. UPS has published the following warning about the fake notification emails on its website:
Attention Virus Warning
Service Update


We have become aware there is a fraudulent email being sent that says it is coming from UPS and leads the reader to believe that a UPS shipment could not be delivered. The reader is advised to open an attachment reportedly containing a waybill for the shipment to be picked up.

This email attachment contains a virus. We recommend that you do not open the attachment, but delete the email immediately.

UPS may send official notification messages on occasion, but they rarely include attachments. If you receive a notification message that includes an attachment and are in doubt about its authenticity, please contact customerservice@ups.com.

Please note that UPS takes its customer relationships very seriously, but cannot take responsibility for the unauthorized actions of third parties.

Thank you for your attention.
The attachment contains malware, detected as Trj/Agent.JEN by Internet Security company PandaLabs, that can replace an important file on Windows computers and then download other malware to the infected computer. PandaLabs notes:
This malware is copied in the system, replacing the Windows Userinit.exe (this file is the one which runs explorer.exe, the interface of the system and other important processes), copying the legitimate file as userini.exe, so that the computer can work properly.

Additionally, it establishes a connection with a Russian domain, which has been used on some occassions by banker Trojans. From this domain it will redirect the request to a German domain in order to download a rootkit and a rogue antivirus, detected as Rootkit/Agent.JEP and Adware/AntivirusXP2008 respectively.
If you receive an email similar to the example quoted above, do not open any attachments that come with the message or click on any links that it may contain.

References:
UPS - Attention Virus Warning
Fake UPS Invoice Email
E-mail allegedly from UPS delivers a computer virus

Previous Article            Next Article

Issue 84 Start Menu

Pages in this month's issue:
    1. Barack Obama in Afghanistan Protest Email
    2. 'Buy Airplane Ticket Online' Trojan Email
    3. Rottnest Island Great White Shark Hoax
    4. Robert Mugabe Mansion Photographs
    5. Not Able to Deliver UPS Package Malware Email
    6. Prime Minister Howard - Muslims Out Of Australia
    7. Lightning Storm Meets Volcanic Eruption Photos
    8. Ball Girl Wall Climb Catch Video
    9. Google Workplace Photographs - Google's Zurich Office
    10. Google AdWords Phishing Scam
    11. German Truck Art
    12. Lottery Scam Payment Requests - Sky Express Couriers
    13. Diamond Covered Mercedes Photographs
    14. Incredible Chinese Love Story
    15. Johan Lorbeer Gravity Defying Street Performance Photographs
    16. Nadezhda - Russian Dating Scammer
    17. Fake $5 Off Target Coupons