Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider


Site Navigation











Not Able to Deliver UPS Package Malware Email

Summary:
Email purporting to be from delivery company, UPS, claims that a package sent by the recipient could not be delivered. The message instructs the recipient to open an attachment to print out an invoice (Full commentary below).



Status:
Email is not from UPS - Attachment carries malware

Example:(Received, July 2008)
From: "UPS Packet Service"

Subject: UPS Paket N0143034179

Unfortunately we were not able to deliver postal package you sent on July the 1st in time because the recipient's address is not correct.
Please print out the invoice copy attached and collect the package at our office

Your UPS




Commentary:
According to this email message, United Parcel Service (UPS) could not deliver a package sent by the recipient because the delivery address was incorrect. The email urges the recipient to open an attached file so that an invoice for the package can be printed out.

However, the email was not sent by UPS and the information about the package delivery failure is untrue. In fact, the email attachment contains a malicious computer program. UPS has published the following warning about the fake notification emails on its website:
Attention Virus Warning
Service Update

We have become aware there is a fraudulent email being sent that says it is coming from UPS and leads the reader to believe that a UPS shipment could not be delivered. The reader is advised to open an attachment reportedly containing a waybill for the shipment to be picked up.

This email attachment contains a virus. We recommend that you do not open the attachment, but delete the email immediately.

UPS may send official notification messages on occasion, but they rarely include attachments. If you receive a notification message that includes an attachment and are in doubt about its authenticity, please contact customerservice@ups.com.

Please note that UPS takes its customer relationships very seriously, but cannot take responsibility for the unauthorized actions of third parties.

Thank you for your attention.
The attachment contains malware, detected as Trj/Agent.JEN by Internet Security company PandaLabs, that can replace an important file on Windows computers and then download other malware to the infected computer. PandaLabs notes:
This malware is copied in the system, replacing the Windows Userinit.exe (this file is the one which runs explorer.exe, the interface of the system and other important processes), copying the legitimate file as userini.exe, so that the computer can work properly.

Additionally, it establishes a connection with a Russian domain, which has been used on some occassions by banker Trojans. From this domain it will redirect the request to a German domain in order to download a rootkit and a rogue antivirus, detected as Rootkit/Agent.JEP and Adware/AntivirusXP2008 respectively.
If you receive an email similar to the example quoted above, do not open any attachments that come with the message or click on any links that it may contain.

References:
UPS - Attention Virus Warning
Fake UPS Invoice Email
E-mail allegedly from UPS delivers a computer virus

blog comments powered by Disqus

Last updated: 16th July 2008
First published: 16th July 2008

Write-up by Brett M. Christensen

Similar Articles:
Dell Online Store Trojan Email
PBS Bill Payment Not Approved Scam Email


[TOP]

[Home] [Latest Information] [Current Newsletter] [Previous Newsletters] [Email Hoaxes]
[Internet Scams] [True Emails] [Software Reviews] [Spam Control] [Computer Security]
[Internet Resources] [Privacy] [About] [Site Map] [Search] [FAQ]


Latest Email Hoaxes - Current Internet Scams - Hoax-Slayer Newsletter


© Brett M.Christensen, 2010 All Rights Reserved
[Contact]