[Gps] Outbreak: United Parcel Service notification malware attack

James Skelton jskelton at guymon.k12.ok.us
Mon Mar 28 09:46:14 CDT 2011 

Cybercriminals are attempting to infect computers around the world,
disguising their attack as an email claiming to come from United Parcel
Service about a parcel delivery. 
But this time they're not using words, they're using an embedded image to
trick you into clicking on the link.

Here's what a typical malicious email being used in this malware campaign
looks like:

 United Parcel Service notification malicious email
<http://sophosnews.files.wordpress.com/2011/02/united-parcel-service-notific
ation.jpg?w=640> 

Subject: United Parcel Service notification #<random number>

Attached file: UPS tracking number.zip

Message body:
Dear customer.

The parcel was sent to your home address.
And it will arrive within 3 business days.

More information and the tracking number are attached in the document below.

Thank you.
United Parcel Service.

Copyright (c) 1994-2011 United Parcel Service of America, Inc. All rights
reserved.

As you can see - it looks pretty professional. Which may well fool more
people into believing it is genuine.

Attached to the email is a file called UPS tracking number.zip, which
contains the malware attack.  Kaspersky detects the ZIP file proactively as
Mal/BredoZp-B
<http://www.sophos.com/security/analyses/viruses-and-spyware/malbredozpb.htm
l> and the enclosed file as the Troj/Agent-QGH
<http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentqgh.ht
ml>  Trojan horse.

If you are one of the many people seeing this malware attack in your email
this morning, please do not click on the attachment even if you are waiting
for a package to be delivered. Instead, simply delete the email, empty your
inbox recycling bin and your computer will be safe.  

You should never open an attachment that ends with .zip.  These are known
compression files that cybercriminals use to house/hide malware/viruses.

James Skelton
Chief Information Officer
Guymon Public Schools
801 N. Beaver
Guymon OK, 73942
580-338-4340
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.onenet.net/pipermail/gps/attachments/20110328/3161ef2a/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/octet-stream
Size: 47215 bytes
Desc: not available
Url : http://lists.onenet.net/pipermail/gps/attachments/20110328/3161ef2a/attachment-0001.obj

More information about the Gps mailing list