New UPS trojan detected: TrojanSpy.ZBot.DGI

Posting updated on 10 March 2009. Read the new information at the end of this posting.
MX Lab intercepted a  few messages, with the zero hour anti virus system, that claim that the delivery of the postal package that is handled by UPS has failed due to an incorrect address. At the time of writing, 03.02.2009 22:55:45 (CET), only 7 [...]

March 2, 2009
Categories: Viruses . Tags: , , , , . Author: mxlab . Comments: 2 Comments

New UPS trojan variant: Delivery problems

A new UPS trojan variant is being detected called Mal/Zbot-G by Sophos and VirTool:Win32/Obfuscator.CT by Microsoft.
MX Lab was the first to send and analyse the file by Total Virus. Only 2 of the 36 AV engines at Virus Total did detect the trojan at the time of writing. So be aware that this email contains malware so don’t [...]

January 11, 2009
Categories: Viruses . Tags: , , , . Author: mxlab . Comments: 7 Comments

ZBot trojan attached to contract

A new variant of the ZBot trojan is attached to an email with your contract details. Possible subject lines are:
Contract of settlements
Contract of retirements
Permit for retirement
Loan contract
The contents of the message:
Dear customers,
We have prepared a contract and added the paragraphs that you wanted to see in it. Our lawyers made alterations on the last page. If [...]

July 26, 2008
Categories: Viruses . Tags: , , , , , , , , , . Author: mxlab . Comments: 1 Comment

UPS Tracking number trojan – another variant and Hallmark e-card

There is a new variant of the UPS Tracking number trojan on route. The subject is now “[RE] UPS Tracking Number 7056968807″ but the contents remains the same. The URL that is used by the trojan is slightly different, the host remails the same, the folder structure and the .bin file on the site is [...]

July 23, 2008
Categories: Spam, Viruses . Tags: , , , , , , , , , . Author: mxlab . Comments: 5 Comments

UPS Tracking number trojan – new variant

Around 00:02 AM, local Belgian time, MX Lab detected an outbreak of a new UPS tracking number trojan.
The email itself remains the same but the attachment name contains now a tracking number like UPS_INVOICE_978172.exe.
The .exe is a new variant and when submitting an example to Virus Total only 3 of the 34 anti virus engines [...]

July 21, 2008
Categories: Viruses . Tags: , , , , , , , . Author: mxlab . Comments: 36 Comments

UPS Tracking number trojan

When you receive an email from UPS regarding a package that can’t be delivered due to an incorrect recipients address you better watch out. The chance is very likely that this is a new variant of a trojan trying to get your attention and to infect your computer.
 
The messages contains the text:
Unfortunately we were not able [...]

July 20, 2008
Categories: Viruses . Tags: , , , , , , , . Author: mxlab . Comments: 44 Comments