Delivery Service Warning

Cyber criminals are bombarding our in-boxes with various fake delivery notifications and infecting systems with malware, stealing personal as well as financial information.

This time everybody should watch out for fake messages purportedly coming from ‘United Parcel Service of America’ (UPS) and infecting computers with Troj/Agent-KBE.

How does the whole campaign work and what should you pay attention to? Fake ‘United Parcel Service of America’ (UPS) delivery notifications are being spammed around the world informing potential victims that their postal packages could not be delivered.

Here is a sample of the fake message belonging to this campaign:

Subject: Postal Tracking #HFHLB588566XK1G
From: “United Parcel Service of America” xxxxxxxxxxxxx
To: xxxxxxxxxxxxx

Date: 2010-03-15 04:43:22

Hello!

We were not able to deliver postal package you sent on the 14th of March in time because the recipient’s address is not correct. Please print out the invoice copy attached and collect the package at our office.

Your United Parcel Service of America

As is the case with the majority of other fake delivery notifications, the number in the subject line is random and may vary with each message. Another sign is that there is no address for the office you are to go to. United Parcel Service (UPS) does not email you; they phone the contact number given by the sender if they are unable to deliver.

The message itself does not infect your computer. It comes with an attachment called UPSNR_976120012.zip. The title and number of the attachment may of course vary and change with each fake message. The size of the file is 38167 files and the MD5 reads as f8342178f82f9f637846d2c47bb3b2ff. However, everybody should remember that as soon as they download this file into their computers, their system will be infected with a malicious Trojan horse called Troj/Agent-KBE.
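The indicators described above (subject line, sender display name, attachment name and MD5) can be checked automatically before a message reaches a user. The following is an added example, not part of the original post; the regular expressions are assumptions generalised from the single sample shown, and the test message is constructed with a harmless placeholder attachment.

```python
import hashlib
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# MD5 of the attachment as published in this article.
KNOWN_MD5 = "f8342178f82f9f637846d2c47bb3b2ff"
# Assumed patterns, generalised from the single sample shown above.
SUBJECT_RE = re.compile(r"^Postal Tracking #[A-Z0-9]+$")
ATTACH_RE = re.compile(r"^UPSNR_\d+\.zip$", re.IGNORECASE)

def triage(raw_message):
    """Return the campaign indicators found in one raw e-mail."""
    msg = message_from_string(raw_message)
    hits = []
    if SUBJECT_RE.match((msg.get("Subject") or "").strip()):
        hits.append("subject")
    display_name, _addr = parseaddr(msg.get("From") or "")
    if "united parcel service" in display_name.lower():
        hits.append("display-name")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and the multipart container
        if ATTACH_RE.match(name):
            hits.append("attachment-name")
        # The hash matches only the exact file, even if renamed; the name
        # pattern is kept because the attachment may vary per message.
        payload = part.get_payload(decode=True) or b""
        if hashlib.md5(payload).hexdigest() == KNOWN_MD5:
            hits.append("attachment-md5")
    return hits

def build_sample():
    """Constructed message mirroring the sample; attachment is harmless text."""
    m = EmailMessage()
    m["Subject"] = "Postal Tracking #HFHLB588566XK1G"
    m["From"] = '"United Parcel Service of America" <sender@example.invalid>'
    m["To"] = "user@example.invalid"
    m.set_content("We were not able to deliver postal package you sent ...")
    m.add_attachment(b"placeholder, not the real file", maintype="application",
                     subtype="zip", filename="UPSNR_976120012.zip")
    return m.as_string()

if __name__ == "__main__":
    print(triage(build_sample()))
```

The display-name hit alone is weak evidence; treat a message as part of this campaign only when an attachment indicator is also present.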

Alias names:
Win-Trojan/ZBot.57344
TR/Spy.ZBot.JFG
Trojan.Inject.Acbb
W32/Zbot.YN (Exact)
Pakes.DRC
Gen:Trojan.Heur.3014EB8EAC
Trojan.Agent-115743
Trojan.Botnetlog.9
W32/Zbot.YN (exact)
Trojan-Spy:W32/Zbot.OUC [Orion]
Trojan.Win32.Inject.accz [Engine:A]
Trojan.Win32.Inject.accz
VirTool:Win32/Obfuscator.FH(Suspicious)
Heur.W32
Troj/Agent-KBE
Infostealer.Banker.C
TSPY_ZBOT.AWF
Trojan.Inject.JGR

Therefore, do not download any similar files that actually aim to infect your computer. Delete emails from United Parcel Service prior to opening them.

Use your common sense – if you didn’t send a package, how can a failed delivery notification come into your in-box? If you have doubts, contact United Parcel Service directly. And, don’t forget to use anti-virus software and updated anti-spam filters.

The following table gives you other possible names of the Trojan spread via these fake messages:

A card is posted through your door from a company called PDS (Parcel Delivery Service) stating they were unable to deliver a parcel and you need to contact them at 09066611911 (premium rate number). DO NOT call this number; this is a mail scam originating from Belize. If you call the number and you begin hearing a recorded message, you are already billed $30.00 for the phone call.
