Very Powerful UPS Virus

The machines we love to hate

Moderator: Wiz Feinberg

Roy Ayres
Posts: 3191
Joined: 9 Oct 2002 12:01 am
Location: Riverview, Florida, USA, R.I.P.
State/Province: Florida
Country: United States

Post by Roy Ayres »

Our son, who is the Data Systems Manager for a big company, just called to tell us there is a powerful new virus that tells you it's UPS with a package to deliver. No cure yet. Destroys your HD and any others on your LAN.
Wiz Feinberg
Posts: 6115
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA
State/Province: Michigan
Country: United States

Post by Wiz Feinberg »

I'm sorry, but that is not the correct information regarding the UPS email scam. There was a UPS scam email circulating on July 22, containing a spyware keylogger inside a zipfile attachment, disguised as an invoice. The consequence of opening and installing the keylogger is the capturing of bank-related login credentials, which are then forwarded to cyber-criminals. These criminals are located in Russia and are operating with virtual impunity.

There is no damage to the hard drives of infected computers. Most victims will not be aware that they were invaded by spyware until their, or their company's, bank accounts are emptied.

As a reference for the validity of my statements I refer you to this bulletin about the UPS scam, on Trend Micro's blog.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog

Post by Roy Ayres »

Wiz,

You are possibly right (you usually are) but here's what the actual UPS site says about it:

http://www.ups.com/content/us/en/about/ ... us_us.html

Take a look and advise us as to whether we should be concerned.

Thanks,

Roy
Pioneers of Western Swing HOF, Seattle 2005
Western Swing Music HOF, Sacramento 2006
International Steel Guitar HOF, St.Louis 2007
Visit my Web Site at RoysFootprints.com
Browse my Photo Album and be sure to sign my Guest Book.

Post by Wiz Feinberg »

UPS explains the "virus" thusly...
We have become aware there is a fraudulent e-mail being sent that says it is coming from UPS and leads the reader to believe that a UPS shipment could not be delivered. The reader is advised to open an attachment reportedly containing a waybill for the shipment to be picked up.

This e-mail attachment contains a virus. We recommend that you do not open the attachment, but delete the e-mail immediately.

UPS may send official notification messages on occasion, but they rarely include attachments. If you receive a notification message that includes an attachment and are in doubt about its authenticity, please contact customerservice@ups.com.

Please note that UPS takes its customer relationships very seriously, but cannot take responsibility for the unauthorized actions of third parties.
I became aware of this scam a couple of weeks ago but have never received the spam email described in the Trend Micro report. I believe this scam may have been a spear phishing attack, precisely targeting companies who ship with UPS regularly, or other likely UPS customers. The payload is definitely NOT a virus; it IS a keylogger and password stealer Trojan. It does not damage the hard drive of its victims. It hides its presence in order to commit insider theft.

If you ship with UPS and have set up an account, then you need to be cautious about any email claiming to come from UPS. Look at the name of the sender and the domain it was sent from. If the message comes from UPS that domain will be in both the "From:" field and the normally hidden "Received from:" field. Spam and scam email will usually forge totally unrelated senders, but they cannot forge the email server that actually passes the message to your ISP.

I have a Sticky article at the top of the Computers forum explaining how one displays and views the headers in email messages.

Anybody who is fooled into opening an email attachment and installing the attached file is in need of expert help disinfecting their PCs. First try Spybot Search and Destroy, with the latest definition updates (Every Wednesday) and your anti virus program. If that doesn't remove the threat you will need to hire bigger guns.
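Added example, not part of Wiz's post or anything from UPS or Trend Micro: a small Python script that does the header check described above mechanically. It reads the "Received:" headers top-down, finds the first hop that came from outside your own mail system (the server that actually passed the message to your ISP), and compares that server's domain with the domain in the "From:" address. It also lists attachment filenames, since UPS notices rarely carry any. The two sample messages are constructed for the example; every hostname, IP address and tracking number in them is invented, and mailout.ups.com in the second sample is an assumed hostname, not a real UPS server. The own_domain value (example-isp.net) is an assumption standing in for whatever domain your own mail servers use.

```python
"""Added example: does the From: domain agree with the server that handed
the message to the recipient's own mail system (per the Received: chain)?
Illustration code only; both messages below are constructed samples with
invented hostnames (192.0.2.x / 203.0.113.x are documentation ranges)."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed scam sample: the claimed sender is ups.com, but the only
# external hop comes from a dynamic-IP host at an unrelated network, and
# the message carries a zip attachment (an empty zip, base64-encoded).
SCAM_MSG = """\
Received: from ppp-203-0-113-55.dynamic.example-telecom.example ([203.0.113.55])
    by mx.example-isp.net with ESMTP id 7f3a1b
    for <victim@example-isp.net>; Tue, 22 Jul 2008 09:12:01 -0400
From: "UPS Customer Service" <service@ups.com>
To: victim@example-isp.net
Subject: UPS Delivery Notification, Tracking Number 1234567890
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attached invoice to arrange delivery of your package.
--b1
Content-Type: application/zip; name="UPS_invoice_1234567890.zip"
Content-Disposition: attachment; filename="UPS_invoice_1234567890.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""

# Constructed legitimate-looking sample: an internal relay hop first, then
# the border hop from a host in the same domain as the From: address.
# (mailout.ups.com is an invented hostname used only for this example.)
LEGIT_MSG = """\
Received: from internal-relay.example-isp.net (internal-relay.example-isp.net [192.0.2.5])
    by mailstore.example-isp.net with ESMTP id 9c2d; Tue, 22 Jul 2008 10:00:03 -0400
Received: from mailout.ups.com (mailout.ups.com [192.0.2.77])
    by internal-relay.example-isp.net with ESMTP id 4e1f; Tue, 22 Jul 2008 10:00:01 -0400
From: UPS Shipment Notification <notice@ups.com>
Subject: UPS Ship Notification
Content-Type: text/plain

Your shipment has been processed.
"""


def domain_of(host: str) -> str:
    """Registrable domain, approximated as the last two DNS labels.
    Good enough for ups.com / example-isp.net; a real tool would use the
    Public Suffix List so that co.uk-style suffixes are handled."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def received_from_hosts(raw: str) -> list:
    """The 'from <host>' part of each Received: header, in header order
    (top = added by the recipient's server, bottom = closest to origin)."""
    msg = message_from_string(raw)
    hosts = []
    for value in msg.get_all("Received", []):
        m = re.match(r"\s*from\s+([^\s(;]+)", value)
        if m:
            hosts.append(m.group(1))
    return hosts


def border_hop(raw: str, own_domain: str):
    """The host that handed the message to the recipient's own mail system:
    reading top-down, the first Received: 'from' host outside own_domain.
    Anything below that hop could have been typed in by the sender."""
    for host in received_from_hosts(raw):
        if domain_of(host) != own_domain:
            return host
    return None


def attachment_names(raw: str) -> list:
    """Filenames of all attached parts (UPS notices rarely carry any)."""
    msg = message_from_string(raw)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def check_sender(raw: str, own_domain: str) -> dict:
    """Compare the From: domain with the border hop's domain."""
    _, addr = parseaddr(message_from_string(raw).get("From", ""))
    from_domain = domain_of(addr.rsplit("@", 1)[1]) if "@" in addr else ""
    hop = border_hop(raw, own_domain)
    return {
        "from_domain": from_domain,
        "border_hop": hop,
        "attachments": attachment_names(raw),
        "consistent": hop is not None and domain_of(hop) == from_domain,
    }


if __name__ == "__main__":
    for label, raw in (("scam", SCAM_MSG), ("legit", LEGIT_MSG)):
        print(label, check_sender(raw, "example-isp.net"))
```

The script only trusts the Received: lines added by your own servers, which is why it walks from the top and stops at the first outside hop: a sender can type any number of fake Received: lines underneath, but not the one your ISP's server writes when it accepts the connection. Running it on the constructed scam sample reports a From: domain of ups.com, a border hop at an unrelated dynamic host, and a zip attachment; the legitimate-looking sample reports a matching domain and no attachments. You need to know which domain your own mail servers use (the own_domain argument) for the check to work.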

Post by Roy Ayres »

Thanks, Wiz.

I don't use UPS anyway. I stick with the Pony Express. Them hosses don't know nuthun' 'bout 'puters nohow.

C U later.

Post by Roy Ayres »

Wiz,

I want to thank you and let you know that the information you gave me in the above post was highly valuable to our son, Dean, and his company in Indianapolis. I pasted your response into an email to him. He tells us that after receiving your information, he turned his attention to the direction indicated -- and this led him to discover that his company's banking information had been compromised. They spent about half the night contacting their banks and credit card companies to inform them and cancel accounts, etc. They would have lost untold funds had you not posted the information about the UPS scam. They, and I, are grateful to you for your willingness to share your knowledge as the moderator for the "Computer" category on our Steel Guitar Forum.