UPS/FedEx/DHL Delivery failure


Bobt

I just received an email stating a new virus .. when you click on the
attached invoice bad things happen. Not sure what type it is ..
Anyone hear anything about this ..
 

David H. Lipman

From: "Bobt" <[email protected]>

| I just received an email stating a new virus .. when you click on the
| attached invoice bad things happen. Not sure what type it is ..
| Anyone hear anything about this ..

Yes. Old news.
 

FromTheRafters

Bobt said:
I just received an email stating a new virus .. when you click on the
attached invoice bad things happen. Not sure what type it is ..
Anyone hear anything about this ..

I vaguely recollect something about some kind of thing similar to that.
Ya know - bad things - invoices...

....wasn't a virus though...sounds kinda phishy to me.
 

David H. Lipman

From: "FromTheRafters" <[email protected]>


| I vaguely recollect something about some kind of thing similar to that.
| Ya know - bad things - invoices...

| ...wasn't a virus though...sounds kinda phishy to me.

Trojan payload not phish.
 

The Central Scrutinizer

FromTheRafters said:
I vaguely recollect something about some kind of thing similar to that. Ya
know - bad things - invoices...

...wasn't a virus though...sounds kinda phishy to me.

David is right. This (and many variations) have been around for quite
some time. Many months in fact...

--
 

FromTheRafters

The Central Scrutinizer said:
David is right. This (and many variations) have been around for quite
some time. Many months in fact...

Was that one of the PDF exploits?

....or the Flash support exploits?

....or invoice.exe?
 

David H. Lipman

From: "FromTheRafters" <[email protected]>


| Was that one of the PDF exploits?

| ...or the Flash support exploits?

| ...or invoice.exe?


There have been at least 3 or 4 iterations that were trojan payloads. None were exploit
code.
 

Virus Guy

David H. Lipman said:
| Was that one of the PDF exploits?

| ...or the Flash support exploits?

| ...or invoice.exe?

There have been at least 3 or 4 iterations that were trojan
payloads. None were exploit code.

The first instance of a "UPS Delivery problem" e-mail that I got was
6/19/2009.

The first for a "DHL Delivery problem" was 8/16/2009.

I've received a few dozen of them in total so far.

They both contain an attached file (.zip) of between 20 to 30 kb in
size. When unzipped, the single .EXE payload file is between 35 to 50
kb in size.

The .exe files are identified as Bredolab by some AV apps - and as a
generic trojan by most.

http://www.symantec.com/connect/blogs/trojanbredolab-making-yet-another-comeback
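
A mail-gateway style check for the attachment shape described in the post above (a .zip whose content is an .EXE), as an added example that is not part of the original thread. The function names, the extension list and the sample message are assumptions constructed for illustration; the payload is harmless placeholder bytes.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions treated as directly executable on Windows (assumed list, extend as needed).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com")


def zipped_executables(raw_message: bytes) -> list:
    """Return (attachment name, member name, unpacked size) for every
    executable found inside a zip attachment of the given raw message."""
    hits = []
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Check the content, not the file name: the archive can be renamed.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # endswith also catches double extensions such as invoice.pdf.exe
                if info.filename.lower().endswith(EXECUTABLE_EXTS):
                    hits.append((name, info.filename, info.file_size))
    return hits


def build_sample(member_name: str, body: bytes) -> bytes:
    """Constructed test message: a 'delivery problem' mail with one zip attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, body)
    msg = EmailMessage()
    msg["Subject"] = "UPS Delivery problem"
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg.set_content("See the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    # Placeholder bytes stand in for the payload; sizes mirror the post.
    print(zipped_executables(build_sample("invoice.exe", b"\x00" * 40_000)))
    print(zipped_executables(build_sample("invoice.txt", b"plain text")))
```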
 

David H. Lipman

From: "Virus Guy" <[email protected]>


| The first instance of a "UPS Delivery problem" e-mail that I got was
| 6/19/2009.

| The first for a "DHL Delivery problem" was 8/16/2009.

| I've received a few dozen of them in total so far.

| They both contain an attached file (.zip) of between 20 to 30 kb in
| size. When unzipped, the single .EXE payload file is between 35 to 50
| kb in size.

| The .exe files are identified as Bredolab by some AV apps - and as a
| generic trojan by most.

| http://www.symantec.com/connect/blogs/trojanbredolab-making-yet-another-comeback

Yepper !
That's the latest iteration.
 
