In the ongoing virus story, MX Lab has intercepted a new variant of the Cutwail trojan, masked as an email from UPS about a delivery problem, with the subject "UPS Delivery Problem".
The content of the email:
Dear customer!
Unfortunately we were not able to deliver the postal package which was sent on the 20th of June in time
because the addressee’s address is incorrect.
Please print out the invoice copy attached and collect the package at our office.
United Parcel Service of America.
[Update November 7th, 2009 - 02:10 AM local Belgian time]
The Cutwail trojan has changed again and the email characteristics are different as well. The subject now states "Congratulations".
The content of the email:
Congratulations!! You have won today's Macbook Air.
Please open attached file and see details.
The email contains the ZIP archive winner.zip with the executable winner.exe.
VirusTotal link and MD5: 3b9c3d653c3e5cb40c93e9599ee507de
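As an added illustration (not part of MX Lab's post), a small Python checker written from the detection side that flags the traits the post lists: the two subject lines, a ZIP attachment carrying an executable, and a match against the published MD5. The sample message, its addresses and the attachment bytes are constructed for the example and contain no real malware.

```python
import email
import hashlib
import io
import zipfile
from email import policy
from email.message import EmailMessage

# MD5 of the winner.exe sample as published in the post above.
KNOWN_BAD_MD5 = {"3b9c3d653c3e5cb40c93e9599ee507de"}
# Subject prefixes used by the two waves described in the post.
SUSPECT_SUBJECTS = ("ups delivery problem", "congratulations")
EXEC_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat")


def inspect_message(raw: bytes) -> list:
    """Return a list of findings for one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    subject = str(msg.get("Subject", "")).strip().lower()
    if subject.startswith(SUSPECT_SUBJECTS):
        findings.append(f"suspect subject: {msg['Subject']}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if hashlib.md5(data).hexdigest() in KNOWN_BAD_MD5:
            findings.append(f"known-bad attachment hash: {name}")
        if name.lower().endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for info in zf.infolist():
                        inner = info.filename
                        if inner.lower().endswith(EXEC_EXTENSIONS):
                            findings.append(f"executable inside {name}: {inner}")
                        if hashlib.md5(zf.read(info)).hexdigest() in KNOWN_BAD_MD5:
                            findings.append(f"known-bad file inside {name}: {inner}")
            except zipfile.BadZipFile:
                findings.append(f"corrupt zip attachment: {name}")
    return findings


def build_sample() -> bytes:
    """Constructed message mimicking the 'Congratulations' wave; harmless payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("winner.exe", b"placeholder bytes, constructed for the example")
    msg = EmailMessage()
    msg["Subject"] = "Congratulations"
    msg["From"] = "noreply@example.invalid"   # constructed address
    msg["To"] = "user@example.invalid"        # constructed address
    msg.set_content("Congratulations!! You have won today's Macbook Air.\n")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="winner.zip")
    return msg.as_bytes()
```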
4 Comments
Got another variant today in an email "Congratulation! win a MacBook air ….".
Updated Sophos, McAfee & AVG Free just now. Sophos cannot pick it up, the others can.
Thank you for the info. We have updated the article.
Hi,
Got a mail Wednesday January 27 2010 that seemed to be from UPS. We normally receive mail and parcels from abroad so I didn't suspect fraud. Yahoo didn't detect the malicious mail at first so I downloaded a mail with header: UPS Delivery Problem NR 59223 containing a message about UPS being unable to deliver a parcel due to wrong delivery address. The mail contained a zip file UPS_invoice_NR1345.zip made to look like an MS Word file which I unfortunately downloaded, unzipped and tried to open. Now I get weird messages at startup "you are infected" and other messages when the computer is up and running. I also can't open .pdf files. McAfee didn't recognize the threat and I don't think it has cleaned the computer during several on-demand scans. After a couple of hours I went back to look at the e-mail in my Yahoo webmail and then Yahoo had detected the problem. It reacted a little bit too late. I don't know how to get rid of this. My company (where I work) suggests we make a complete reinstallation of the OS (XP SP3). Hopefully nothing has been copied to our server. Have any suggestions what to do?
Kind regards
Rickard
Sweden
I got the same thing on one of our computers at my workplace. I was able to clean the computer from the Trojan, but I did rebuild it anyway. So my suggestion: go for it. Nothing better than a fresh copy of the OS.
Yara