Apparently my order was sent to my home address and now they are sending me an email with additional information. How kind of them :) .
You can supposedly find more information in attachment
The text is mostly the same, here's a small variant:
Dear customer.
The parcel was sent your home address.
And it will arrive within 3 business day.
More information and the tracking number are attached in document below.
Thank you.
© 1994-2011 United Parcel Service of America, Inc.
There is a file attached called "USPS_Document.zip" Other variants may be: "UPS_Document.zip", "UPS.zip", "UPS-tracking.zip", and so on. In the ZIP archive you will find a file called UPS_Document:
UPS_Document.exe
What stands out here is that the file is no PDF file, as you might think, but is in fact a malicious executable.
UPS_Document.exe
Result: 38/41 (92.7%)
MD5: 047bcd79fa681442b37bdf9b56c2257f
Other subjects of this email might be:
- United Parcel Service notification #[random number]
- UPS Delivery Problem #[random number]
- UPS notification #[random number]
- United Parcel Service
- Post Express Service. Track your parcel! NR[random number]
- Post Express Information. You need to get a parcel NR [random number]
- UPS ticket #[random number]
Conclusion
You should never trust an email which has:
- only a URL included in the message
- an attachment that you need to open to view 'information'
- crappy spelling and grammar if there is content in the message
- been sent out to everyone in the sender's address book
- been sent from an unknown sender
- promises you can buy something for a very cheap price
- No subject or strange subjects ( eg.: "0 enjoy yourself" )
Never reply to this kind of email, simply delete it and don't look back ;) .
If you have downloaded a program and you are unsure about its intentions, you can always upload it to VirusTotal or other online virusscanners (VirScan, Jotti). Keep in mind that if a file is not detected by any engine, it is not necessarily clean!
Additionally, if you have executed the file, and believe you are infected, you can follow this guide to remove the malware:
http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-malware-tutorial
Additionally, if you have executed the file, and believe you are infected, you can follow this guide to remove the malware:
http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-malware-tutorial
Feel free to add any comments if you have any problems or questions.
No comments:
Post a Comment