A A
RSS

UPS Virus

Tue, Jul 22, 2008

Email, Featured, Internet

A Computer Virus Warning
Click here for the latest updates, including other variants of the zip file…
A computer virus has been circulating as an email attachment. The “From” address indicates that the email came from a UPS representative. The virus is a zip file attachment with the names of “ups_invoice.zip” or “ups_tracking.zip”, or some variance thereof. The email is usually found to have the title of “UPS Tracking Number xxxxx” and states that a package you sent was not able to be delivered and that you are required to print the attached invoice to collect the package at your nearest UPS office.

virus_image If you receive email that meets the above description, please delete it. Do not attempt to open the attachment or forward the email to anybody.  Simply opening the attachment will release the virus and infect your machine.

UPS has issued the following statement regarding the email.

Attention Virus Warning

We have become aware there is a fraudulent email being sent that says it is coming from UPS and leads the reader to believe that a UPS shipment could not be delivered. The reader is advised to open an attachment reportedly containing a waybill for the shipment to be picked up.

This e-mail attachment contains a virus. We recommend that you do not open the attachment, but delete the email immediately.

UPS may send official notification messages on occasion, but they rarely include attachments. If you receive a notification message that includes an attachment and are in doubt about its authenticity, please contact customerservice@ups.com.

Please note that UPS takes its customer relationships very seriously, but cannot take responsibility for the

unauthorized actions of third parties.

Once again, if you receive an email that meets the above criteria, please delete it. Do not attempt to open the attachment.

Even if you have just sent a package, and think the email could be relative to you, please go to the web site http://ups.com and check the status of your packages online.

Virus Removal

Both Symantec and McAfee have released new virus definitions which detect and remove the virus (per their web sites).

There are basically two steps to removal.

  • Stop/Suspend System Restore (WinXP)
  1. Click Start.
  2. Right-click My Computer, and then click Properties.
  3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
  4. If you do not see the System Restore tab, you are not logged on to Windows as an Administrator.
  5. Click Apply.
  6. When you see the confirmation message, click Yes.
  7. Click OK.
  • Download your latest virus definition and run a full scan.

Here is the info from McAfee and Symantec

McAfee Info
http://vil.nai.com/vil/content/v_132901.htm

Symantec Info
http://www.symantec.com/security_response/writeup.jsp?docid=2008-071517-2718-99&tabid=3

Update:

7/24 - A new variant of this virus/trojan has been reported.  The email subject status “Your parcel is in the customs office” and the attachment name is “Tax_Invoice.zip”.

7/29 - Another variant is also in the wild now taking on the form of an “Airline” Invoice or e-ticket.  The attachment has the name: E-ticket_xxx.zip.

Photo Credit Nils Geylen

Tags: , ,

Related Articles

0 Comments For This Post

1 Trackbacks For This Post

  1. Admin KnowledgeBase » Blog Archive » UPS Tracking Number XXXXXXXXXX Says:
    July 31st, 2008 at 6:15 pm

    [...] UPS Virus - It Does ComputeUPS Virus Warning Posted in Uncategorized | Leave a Comment [...]

Leave a Reply

Advertise

  • Advertise Here

Recent Comments

Latest Flickr photos
Yellow_Petals2Yellow_PetalsBuzzwhite_warmthCloudy PeakGadsden_FarHoover_GeneratorOrchidTombstone_CowboyTucson_Saguaro2Cemetary_FlowersPastiche_Sunflower

Good Stuff

Blogroll

Extra Links

Connect with Me

RSS CNET News