Repeat email attachments from UPS and Fedex

I know these are fake because these two outfits don't communicate
directly with you about deliveries.  The seller does.  Also, when
telling Yahoo to show full headers, you can see that there are at
least a dozen other recipients listed.

Needless to say, I have never fallen for this nonsense.

I started getting these about 2 weeks ago.  Anyone else receiving
them?  Does anyone know exactly what malware/virus is in the
attachment?

Re: Repeat email attachments from UPS and Fedex


On Sat, 18 Jun 2011 12:44:01 -0500, in alt.comp.anti-virus, la33@alsfdj.com
wrote:


Only two weeks?  I've been getting those regularly for at least months, if
not years.  Don't really remember when they started; they just blend into
the generic spam barrage.

No idea what's in the attachments: it all just gets deleted.

--

Nick's First Law of Computer Virus Complaints:

    Just because your computer is acting strangely or one of your programs
    doesn't work right, this does NOT mean that your computer has a virus.

Re: Repeat email attachments from UPS and Fedex

Per Nick:

+1
--
PeteCresswell

Re: Repeat email attachments from UPS and Fedex


Aaaargh.... Forgot this until after I hit send.

On Sat, 18 Jun 2011 12:44:01 -0500, in alt.comp.anti-virus, la33@alsfdj.com
wrote:


Actually, if you create an account on the UPS site you can receive E-mail
tracking updates directly from them.  You'll probably find similar services
at some other shipping companies.

Tried this with UPS a long time ago, but decided it wasn't worth the bother.

--

TANSTAAFL! (There Ain't No Such Thing As A Free Lunch!) R.A.H.

Re: Repeat email attachments from UPS and Fedex



Just had one yesterday. This gal found one supposedly from UPS in her Yahoo
SPAM folder. She was expecting a package from UPS so she opened it. She
said there were two attachments and one of them was a document. When she
said "document" I'm not sure if it was a *.doc attachment or just how she
determined it was a document. Anyway, when she opened it, she got nailed
with the "Windows 7 Recovery" malware.

I messed with it half the night and never did manage to get all her start
menu items back. I had already copied all her documents and pictures off
onto an external drive, so I just restored it back to factory. That's
getting to be a hassle too anymore. A Service Pack to put back plus all the
updates, etc.

Short answer: Windows 7 Recovery

--
        --- Everybody has a right to my opinion. ---

Re: Repeat email attachments from UPS and Fedex

wrote:


You/she need a recovery disk imaging program such as Acronis True
Image, Macrium Reflect, or one of the others that are out there.
Through the years, Acronis has saved my butt by allowing me to recall
a saved disk image instead of going through the hassle you had to go
through.

Re: Repeat email attachments from UPS and Fedex



If it is like the "FedEx Document.exe" that I examined this AM, it was a rogue
anti malware installer and was a trojan.


--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Repeat email attachments from UPS and Fedex

On Jun 18, 8:44 pm, l...@alsfdj.com wrote:

I got one the other day supposedly from UPS--the tracking number was
too short and clearly fake.  The Trojan was in a Zip file and
Microsoft Security Essentials caught it.

Don't know why there seems to be a push out to infect people.

RL
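
Added example, not part of any post in this thread: a Python triage sketch that checks the signals posters mention (a long visible recipient list, an executable attachment name such as "FedEx Document.exe", an executable inside a Zip). The recipient threshold, extension list, addresses and sample message are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative list of directly runnable Windows extensions, not exhaustive.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")
MAX_RECIPIENTS = 5  # assumed ceiling for a genuine one-to-one delivery notice

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    rcpts = [a for h in ("To", "Cc")
             for v in msg.get_all(h, []) for a in v.addresses]
    if len(rcpts) > MAX_RECIPIENTS:
        findings.append(f"bulk: {len(rcpts)} visible recipients")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(EXECUTABLE_EXTS):
            findings.append(f"executable attachment: {name}")
        elif name.lower().endswith(".zip"):
            data = part.get_payload(decode=True) or b""
            try:
                # Only the archive directory is read; nothing is extracted.
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    members = zf.namelist()
            except zipfile.BadZipFile:
                findings.append(f"unreadable zip: {name}")
                continue
            for member in members:
                if member.lower().endswith(EXECUTABLE_EXTS):
                    findings.append(f"executable inside {name}: {member}")
    return findings

def build_sample():
    """Constructed sample: 12 recipients and a zip holding inert bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("FedEx Document.exe", b"inert placeholder bytes")
    msg = EmailMessage()
    msg["From"] = "tracking@shipper.example"
    msg["To"] = ", ".join(f"user{i}@mail.example" for i in range(12))
    msg["Subject"] = "Delivery notification"
    msg.set_content("Your parcel could not be delivered. See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="notice.zip")
    return msg.as_bytes()
```
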

Re: Repeat email attachments from UPS and Fedex

RayLopez99 wrote:
It's probably yet another Fake-AV (scareware/rogue security) trojan.
It looks to me like they are expanding on their delivery methods.

Re: Repeat email attachments from UPS and Fedex



So are you saying that people put out fake trojans, that trigger AV
programs but really don't harm your PC?  Not that I'm going to find
out (I simply delete them), but that's a new idea.  What would be the
purpose of these fake trojans (if they exist) other than perhaps
scaring people?  Or is that the purpose?

RL

Re: Repeat email attachments from UPS and Fedex

RayLopez99 wrote:

No, there is a type of scareware that pretends to be a security program
(like a firewall, antimalware, antispyware, or antivirus) and most of
the ones I have seen pretend to be AV software that has found all sorts
of viruses and malware on your machine.

So, I'm just guessing that it is one of those.

It's not a virus or a worm, so it needs some way to get distributed. One
such way is to get a url spammed out that will lead the adventurous to
malware infestation. Other ways are by SEO poisoning or by redirects or
malvertizements.


Usually I encounter them by way of a script that makes a small browser
window that looks like a messagebox. Clicking on the red X is the same
as clicking the OK button and the script then runs a show for the user
to convince them that a scanner is finding all kinds of malware. Once
the user is offered a "Remove All" button (if you build it, they will
push) the script initiates a download (the trojan). When it is run, it
gives another show and expects the user to part with money in order to
fix the "problem".

The scripts themselves are sometimes heavily obfuscated, but can be
obtained from the browser's temp files (along with other related files).



Re: Repeat email attachments from UPS and Fedex


OK thanks for that detailed response.  I've seen this and know what
you are talking about.

BTW I like the feature in Chrome and Firefox of deleting your temp
files when you flush your browser cache--IE (latest version) still has
a problem doing this 100% it seems (always has) since for example if
you sign up in Live.com or Hotmail after flushing the cache in IE your
name still appears as logged on (persistent).

I don't like 'temp' files as you say, and in the past have deleted
stuff that looks temp, though I've stopped doing that since some
installation programs store the CDs or DVDs virtually in a sort of
temp folder for future use (though I use Daemon Lite now to install
all programs that are on DVD)

RL

Re: Repeat email attachments from UPS and Fedex



It is in the Rogue family.


--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Repeat email attachments from UPS and Fedex

David H. Lipman wrote:

Are these in competition with each other for marketshare, or are they
cooperating?

Re: Repeat email attachments from UPS and Fedex



It looks like competition.  The malicious actors keep rolling them out and so
they have moved in some ways away from anti malware and security to now
optimization of the OS and hard disk problems.


--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Repeat email attachments from UPS and Fedex



Nope. It's a downloader. [g]


--
Why drink the water from my hand?
Contagious as you think I am
Just tilt my sun towards your domain
Your cup runneth over again

Re: Repeat email attachments from UPS and Fedex

Dustin wrote:
Found one of those (I think) the other day, a packed exe with Java
.class files in a Bingo folder.
