Author Topic: Heuristic Trojan Alert! (Read 2486 times)

Al · « **on:** October 04, 2010, 02:56:17 PM »

Just an FYI for you all.

I received today in my spam box of my Yahoo mail a nondelivery notice from the USPS (spoof ofcourse) with 2 attachments.

As I found it very suspicious, I scanned it with ClamXAV and it detected that it was in fact a trojan virus! The payload (USPSlabel.zip) is a zip file with an executable file inside. (LABEL_USPSXLS.exe)

This is my very first virus of this fashion through my email. SPOOKY!

Just wanted to post this to warn you good people of this.

Xairbusdriver · « **Reply #1 on:** October 04, 2010, 05:16:22 PM »

I thought I had mentioned this here...probably the same trojan. My wife had an estimated delivery time email last week, supposedly from FedEx. EarthLink guaranteed it. I forced it to be delivered and saw a 'jpg' file claiming to be an image of the address info on record. The email claimed that the package could not be delivered because of an error on that label. I dragged the 'jpg' out of the message and suggested that several graphics apps open it. All failed, "Does not appear to be a format I know anything about."

To make a long story short, I noticed it did not have Judy's name on it. And the "tracking number was way too short, FedEx tracking numbers are 21 characters long! Nor could FedEx see anything in their records coming our way! I finally called the company sending the box and got the correct number which said it was at the Post Office. It was eerie that the email came the same day that the box was delivered to the USPS.

A connection there? USPS servers hacked?

Also strange was that I saw a FedEx Ground truck driving up our dead-end street the same day the message came. So I thought there actually was a delivery attempt! But the service being used is not handled by FedEx all the way, it is simply delivered to the normal Post Office for final transportation. FedEx is doing their part to keep the USPS in business!

gunug · « **Reply #2 on:** October 05, 2010, 01:05:49 PM »

AL - You don't want to go messing with the USPS because they have long memories and short fuses. Before long the guys with the red stripes down the legs of their pants will be following you everywhere around the Islands. . .they won't be inconspicuous but they will be persistent!

tacit · « **Reply #3 on:** October 05, 2010, 02:22:16 PM »

QUOTE(Al @ Oct 4 2010, 07:56 PM) <{POST_SNAPBACK}>

Just an FYI for you all.

I received today in my spam box of my Yahoo mail a nondelivery notice from the USPS (spoof ofcourse) with 2 attachments.

As I found it very suspicious, I scanned it with ClamXAV and it detected that it was in fact a trojan virus! The payload (USPSlabel.zip) is a zip file with an executable file inside. (LABEL_USPSXLS.exe)

This is my very first virus of this fashion through my email. SPOOKY!

Just wanted to post this to warn you good people of this.

That one's been making the rounds for quite a while. I have been getting about fifteen copies of that particular malware a day on one of my email addresses.

Xairbusdriver · « **Reply #4 on:** October 05, 2010, 02:32:34 PM »

FedEx even has a warning on their tracking page about this type, if not this particular, phishing message. What was strange and eerie to me is that it came the same day as the USPS became directly involved with the package...just a coincidence...

I'm sure a small outfit like the USPS would be fully aware of any involvement of its employees in something like this. Sure they would.

And it would be too obvious if that's where these things were initiated, anyway... Right!

Fortunately, it was only my wife's addy that was associated!!!

BTW, ClamX AV did find it to be a trojan. Supports tacit's info about it being around for some time.

Paddy · « **Reply #5 on:** October 05, 2010, 04:09:23 PM »

Thought I posted to this thread this morning...must have forgotten to hit "add reply"...

Trojans hiding in emails purporting to be from UPS, FedEx and now the USPS have been around for over 2 years now. Some of them have quite comical wording, as per most phishing attacks generated by non-native English speakers.

http://www.pc1news.com/news/0055/a-new-tro...l-messages.html

There was quite a spate of them from UPS fairly recently. The USPS one is a fairly new one, methinks. At any rate, NONE of these delivery services send you email telling you your package couldn't be delivered and to download and print an invoice (!)

UPS has been used as the bait in numerous phishing/trojan attacks, as shown here by UPS themselves:

http://www.ups.com/media/en/fraud_email_examples.pdf

The email that begins "Hello My Dear" is pretty funny (my, my, aren't the folks in brown getting chummy?). And then there is the Nigerian one supposedly giving money to those who have been victims of online fraudulent activity...or my favorite - the one saying that your package has been intercepted and is temporarily being held in transit in Spain because it has been determined that it contains valuable items, and that in order to get it released, you're going to have pay for insurance required under new laws! "Concluding the verification on the package our office has ascertained that the package was not duly issnured." I'm sure UPS was fascinated to discover that they had a whole new department of "Postal Inspection Services"!

Or how about this ominous-sounding email:

"Attention;
This email is to notify you that we have intercepted your parcel from being delivered to you due to some security reasons as stated below.
1. Our scanning system detected your parcel containing a confirmable ATM CARD.
Before the parcel can be delivered, you being the receive is obliged to obtain a Duly Sworn Affidavit from the Spanish High Court in Spain to back up the the origin of the Parcel, this is in line with the Anti Terrorist Campaign due to the Law Implemented by government of United States of America to protect and reduce the terrorist activities."

Yes, there is no end to the creativity of the phishers and scammers.

As I've noted before, it's sad that all this creativity can't be put to more useful ends.

krissel · « **Reply #6 on:** October 06, 2010, 02:32:33 AM »

Ha, you are more likely to check on an expected delivery via USPS and be told that they delivered it when they didn't. Or that they tried to deliver something that needed a signature but no one was there (and you were actually watching out the window as the carrier sat in the truck and filled out the form, never moving his/her butt from the seat to see if you were home...).

I don't mind redelivering the mail that belongs to my neighbors, but when my neighbors accidentally open my private banking and financial information because it was put in their mailbox by mistake and they automatically ripped open the envelope... well, I'm not pleased. I don't blame my neighbors, just the USPS. I'm grateful my neighbors are trustworthy, but I wonder how many other people have received my mail and haven't returned it.

OH, and then you could be unpleasantly surprised to find (at 1 AM) a package left on your lawn, about 20 feet from the end of the driveway... in the rain.

Yes, that is the poor excuse for mail service on my street.

I've written several complaints to the main online site and received two phone calls from the local postmaster apologizing but now I don't trust them with anything. I have to drive to the PO building to mail things as I think my carrier has it in for me now.

Paddy · « **Reply #7 on:** October 06, 2010, 05:25:29 PM »

Apart from one package left in a puddle on the driveway, in the rain, our USPS carriers were always pretty terrific the entire time we lived in the US. I guess it's the luck of the draw - as with any job, some are good and some are not so good. And of course, one always wonders if complaining just compounds the problem when you've got a lousy carrier.

Of course, as I've no doubt said before, the USPS is far superior to Canada Post - it's cheaper, faster, you get mail on Saturdays, post offices are generally NOT located at the back of drug stores, packages are delivered to your house...(depending on the class, we sometimes have to retrieve them from the post office here).

Jack W · « **Reply #8 on:** October 06, 2010, 07:48:47 PM »

I've got a terrific USPS lady delivery person at my apartment.

Very sociable and terrifically efficient.

And the USPS guy at my old house was also terrific, altho I can't say the same for the substitutes.

FWIW

- Jack

krissel · « **Reply #9 on:** October 07, 2010, 02:16:22 AM »

I had a terrific carrier when I first moved into my house. He was so accommodating and was one of the few men my dog would let near me (she had been abused by a man). He knew when it was my birthday by the cards that arrived and often left one for me as well. In return I would put out a candy bar or pkg of cookies for him on special days.

But he retired and things were OK until the past couple years when it all went downhill. Not sure why but I have a feeling it is related to the closing of a nearby PO and their personnel were transferred to ours.

And getting rid of incompetent workers is really tough. My sister's ex was a carrier since his CPA work didn't bring in enough $. But after the divorce he would intercept her mail, open it and read the contents. She had to get a box at a distant PO to avoid his tampering. They wouldn't reprimand him because it was so hard to prove. But finally he got fired for hitting someone's car while delivering the mail and not reporting it. Yea.

OK, end of rant.

News:

Author Topic: Heuristic Trojan Alert! (Read 2486 times)