Friday, April 09, 2010

Alert: UPS Delivery Problem NR.1266955

I received an email today which included an EXE file attachment (a program). I decided not to have OzEfilter delete the email so I could check for malware. The malware wasn't picked up by Microsoft Security Essentials as malware, and the attachment is potentially harmful. The attachment is named UPS_invoice_1683.zip, which contains the program UPS_invoice_1683.exe.

The body of the email is the following:

Dear customer!

Unfortunately we were not able to deliver the postal package sent on the 14th of January in time because the addressee's address is wrong.
Please print out the invoice copy attached and collect the package at our department.

United Parcel Service of America.


Performing an update on Microsoft Security Essentials did not detect the malware as a newer update had not been released. The current definitions version is 1.79.1453.0.

I also submitted the file to the online scanning service mentioned in MyAnswers solution 1890 and will update this post later with the result.

One thing I did find interesting about the malware file is that it has an icon designed to make it look like a Word document. I've found people in the past being tricked when they felt an attachment was a Word document. This is not a Word document.

You should delete this type of email.

- Kelvin Eldridge

UPDATE: The attachment has now been confirmed as new malware.
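
The attachment described above was a ZIP holding an EXE whose icon imitated a Word document, and the scanner's signatures did not yet cover it. The following is an added example, not part of the original post: a check that judges each archive member by its extension and its first two bytes rather than by its icon. The extension list, function names and sample archives are assumptions constructed for the illustration.

```python
import io
import os
import zipfile

# Extensions Windows runs directly on double-click (assumed list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def inspect_zip_attachment(data: bytes) -> list:
    """Return one finding per archive member that is executable by name or content."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            ext = os.path.splitext(info.filename)[1].lower()
            if ext in EXECUTABLE_EXTS:
                reasons.append("executable extension " + ext)
            if info.flag_bits & 0x1:
                # Encrypted member: content cannot be read without the password.
                reasons.append("encrypted member, content not inspected")
            else:
                with zf.open(info) as fh:
                    # Windows executables start with the two bytes 'MZ',
                    # whatever the file name or embedded icon claims.
                    if fh.read(2) == b"MZ":
                        reasons.append("MZ header (Windows executable content)")
            if reasons:
                findings.append({"member": info.filename, "reasons": reasons})
    return findings


def build_sample(member_name: str, payload: bytes) -> bytes:
    """Build a constructed in-memory ZIP so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: harmless bytes carrying only the 'MZ' magic, no real program.
    stub = b"MZ" + b"\x00" * 62
    samples = {
        "UPS_invoice_1683.zip": build_sample("UPS_invoice_1683.exe", stub),
        "renamed.zip": build_sample("invoice.doc", stub),
        "clean.zip": build_sample("invoice.txt", b"plain text"),
    }
    for name, data in samples.items():
        print(name, inspect_zip_attachment(data))
```

A hit from this check does not say the file is malicious, only that the archive delivers a program rather than a document.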
