Posted on 22 July 2008.
A Computer Virus Warning
Click here for the latest updates, including other variants of the zip file…
A computer virus has been circulating as an email attachment. The “From” address indicates that the email came from a UPS representative. The virus is a zip file attachment with the names of “ups_invoice.zip” or “ups_tracking.zip”, or some variance thereof. The email is usually found to have the title of “UPS Tracking Number xxxxx” and states that a package you sent was not able to be delivered and that you are required to print the attached invoice to collect the package at your nearest UPS office.
If you receive email that meets the above description, please delete it. Do not attempt to open the attachment or forward the email to anybody. Simply opening the attachment will release the virus and infect your machine.
UPS has issued the following statement regarding the email.
Attention Virus Warning
We have become aware there is a fraudulent email being sent that says it is coming from UPS and leads the reader to believe that a UPS shipment could not be delivered. The reader is advised to open an attachment reportedly containing a waybill for the shipment to be picked up.
This e-mail attachment contains a virus. We recommend that you do not open the attachment, but delete the email immediately.
UPS may send official notification messages on occasion, but they rarely include attachments. If you receive a notification message that includes an attachment and are in doubt about its authenticity, please contact email@example.com.
Please note that UPS takes its customer relationships very seriously, but cannot take responsibility for the
unauthorized actions of third parties.
Once again, if you receive an email that meets the above criteria, please delete it. Do not attempt to open the attachment.
Even if you have just sent a package, and think the email could be relative to you, please go to the web site http://ups.com and check the status of your packages online.
Both Symantec and McAfee have released new virus definitions which detect and remove the virus (per their web sites).
There are basically two steps to removal.
- Stop/Suspend System Restore (WinXP)
- Click Start.
- Right-click My Computer, and then click Properties.
- On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
- If you do not see the System Restore tab, you are not logged on to Windows as an Administrator.
- Click Apply.
- When you see the confirmation message, click Yes.
- Click OK.
- Download your latest virus definition and run a full scan.
Here is the info from McAfee and Symantec
9/1/2011- A new variant has surfaced with the subject of the email being “Your package has arrived”. There is no attachment, but instead a link to view the shipping invoice which contains malware.
7/24 – A new variant of this virus/trojan has been reported. The email subject status “Your parcel is in the customs office” and the attachment name is “Tax_Invoice.zip”.
7/29 – Another variant is also in the wild now taking on the form of an “Airline” Invoice or e-ticket. The attachment has the name: E-ticket_xxx.zip.
Photo Credit Nils Geylen