Last Updated: 2008-09-16 20:15:52 UTC
by donald smith (Version: 1)
We received two reports of fake UPS invoice tracking Trojan zip files.
This is similar to other invoice Trojans we have seen.
Here is one of the email bodies. Notice that while this appears to be a two-way conversation, the spammer created the whole thing. The victim did not send UPS an email.
Subject: Re: missing package
From: John Henry <firstname.lastname@example.org>
Mr./Mrs. Victims First and Last name
I am sorry for this late reply, but we have good news.
We managed to track your package, and we have attached the
invoice you asked for to this reply.
The invoice contains the correct tracking# , since the one
you gave us was invalid.
You can use it on the ups website to track your shipment.
UPS Customer Care Department
From: victim’s name and email address
Subject: missing package
Date: Monday, September 8 , 2008, 10:38 AM
I have recently used UPS to send a package to my cousin but
he never received it.
Also , the tracking number doesn't check on the website, and
I lost the invoice.
Can you forward me a copy?
Here you have the tracking# : 03073332100016836200
Original File Name: invoice.zip
9 of the 36 antivirus engines at VirusTotal (VT) recognized it.
Antivirus      Version            Last Update  Result
AntiVir        184.108.40.206     2008.09.16   TR/Crypt.FKM.Gen
Authentium     220.127.116.11     2008.09.16   W32/Heuristic-VFM!Eldorado
BitDefender    7.2                2008.09.16   MemScan:Trojan.Spy.Delf.NQT
CAT-QuickHeal  9.50               2008.09.16   (Suspicious) - DNAScan
F-Prot         18.104.22.168      2008.09.16   W32/Heuristic-VFM!Eldorado
Ikarus         T22.214.171.124.0  2008.09.16   BehavesLike.Win32.Malware
Thanks TomG for submitting this one.
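
The fabricated thread described above leaves a checkable trace: a "Re:" subject with no In-Reply-To or References header, plus a zip attachment. The following Python heuristic is an added example, not part of the original diary; the sender and recipient addresses, the zip member name invoice.exe, the extension list and the finding labels are constructed for illustration.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Assumed list of extensions treated as executable; adjust to local policy.
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def fake_reply_indicators(raw: bytes) -> list[str]:
    """Return heuristic findings for mail that poses as a reply and carries a zip."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    subject = (msg["Subject"] or "").strip().lower()
    # A genuine reply normally references the message it answers.
    if subject.startswith("re:") and not (msg["In-Reply-To"] or msg["References"]):
        findings.append("reply-subject-without-thread-headers")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        findings.append(f"zip-attachment:{name}")
        try:
            # Only the archive listing is read; nothing is extracted.
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                for member in zf.namelist():
                    if member.lower().endswith(EXEC_EXT):
                        findings.append(f"executable-in-zip:{member}")
        except zipfile.BadZipFile:
            findings.append("zip-unreadable")
    return findings

def build_sample() -> bytes:
    """Constructed message shaped like the one in the diary; the zip holds harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.exe", b"not a real executable")  # constructed member name
    msg = EmailMessage()
    msg["Subject"] = "Re: missing package"
    msg["From"] = "John Henry <sender@example.org>"  # constructed address
    msg["To"] = "victim@example.com"  # constructed address
    msg.set_content("We managed to track your package...\n\n> I lost the invoice.\n")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in fake_reply_indicators(build_sample()):
        print(finding)
```

Missing thread headers are a weak signal on their own, since some mail clients omit them; the findings are meant to be combined, and a stronger check is whether the recipient's sent mail contains the message being answered.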