‘United Parcel Service notification’ email contains trojan

MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “United Parcel Service notification”, sent from the spoofed address “United Parcel Service <support2pyq@ups.com>”.

The body of the email is made from an image but on our computer the image is broken. The included image URL points to http://1stchoiceindustrial.com/bd32t.jpg but no file is found on this server. I’m sure that we can guess what they are willing to share with us.

The attached ZIP file has the name document.zip and contains the 37 kB file document.exe.

The trojan is known as TROJ_SPYEYE.SMEP (Trend Micro), Trojan.Agent/Gen-FakeAlert[RnGlobal] (SuperAntiSpyware), W32/Bamital.FA!tr (Fortinet).

At the time of writing, only 5 of the 43 AV engines at Virus Total detected the trojan.

Virus Total permalink and MD5: ad91c4ccb6503ccfdf0bfd51d55bcb7a.
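
With so few engines detecting the sample, a mail filter can still flag the delivery pattern described above: a ZIP attachment whose only purpose is to wrap an executable. The following Python sketch is an added example, not MX Lab's own tooling; the extension list, the size limit and the function names are assumptions, and the sample message is constructed with placeholder bytes in place of the real binary.

```python
import hashlib
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs on double-click (illustrative list, an assumption).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
# MD5 published in the post; it does not say whether it is the hash of the
# ZIP or of the EXE, so both are compared against it.
KNOWN_MD5 = {"ad91c4ccb6503ccfdf0bfd51d55bcb7a"}
MAX_MEMBER_SIZE = 10 * 1024 * 1024  # do not unpack oversized members

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def scan_message(raw: bytes) -> list:
    """Return one finding per executable found inside a ZIP attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.filename.lower().endswith(EXECUTABLE_EXTS):
                    continue
                # Encrypted (flag bit 0) or oversized members are reported unhashed.
                readable = not (info.flag_bits & 0x1) and info.file_size <= MAX_MEMBER_SIZE
                member_md5 = md5_hex(zf.read(info)) if readable else None
                findings.append({
                    "attachment": part.get_filename(), "member": info.filename,
                    "size": info.file_size, "md5": member_md5,
                    "known": bool({member_md5, md5_hex(data)} & KNOWN_MD5),
                })
    return findings

def build_sample() -> bytes:
    """Constructed message shaped like the one described; placeholder bytes, not malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.exe", b"MZ" + b"\x00" * 62)
    msg = EmailMessage()
    msg["From"] = "United Parcel Service <support2pyq@ups.com>"
    msg["Subject"] = "United Parcel Service notification"
    msg.set_content("Dear customer.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="document.zip")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` returns one finding for document.exe inside document.zip; `known` stays false because the placeholder bytes do not hash to the published MD5.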

17 thoughts on “‘United Parcel Service notification’ email contains trojan”

  1. We have been receiving many of these emails, along with a few from “DHL”. Our email virus scanner has deleted all the attachments so far.

  2. Dear Sir/Madam
    Please I cannot open your attachment as it has been blocked by Norton antivirus but I need the documents to use officially today. Please treat this as urgent and call my mobile 07545296593. Thank You

  3. Hi there,
    I was so glad when I received the email for United parcel services notification but when I tried opening the attachment, a virus was detected. I sent a msg as a reply to the parcel company informing them of what had happened so that they can send me another one. When I googled the company they recommended that I should delete the email immediately so I did so. The problem is that I had tried to open the attachment, though it failed. My question is

  4. I got an email notification on my iPhone from United Parcel Service. The email address is supportadmt@ups.com. The message was very nondescript and raised flags from the moment I read it. Here is what it said:
    Dear Customer,
    The parcel was sent your home address. And it will arrive within 7 business day.

    More information and the tracking number are atached in document below.

    Thank you.

    • It then had the copyright symbol followed by 1994-2011 United Parcel Service of America, Inc. I first called my husband to see if he had something shipped via UPS to our home because I knew I hadn’t. I then explained that it said there was an attachment (which I can usually open on my phone) but that all that was visible was a question mark in a grey box. I was unable to open any document on my phone. I then checked my email inbox on my computer to see the message there and it wasn’t there. Finally I did a Google search and found out that it was a scam and likely contained a trojan. Sure enough, I checked my antivirus information and the email had been quarantined because of a trojan. If you get any email from United Parcel Service that does not contain their logo or if you know you aren’t expecting something from UPS DO NOT OPEN IT! BEWARE!

  5. Is opening the email enough to infect the computer???
    Please help!
    I didn’t open the attachment though.

  6. Please ignore naive wrong info that said “Opening and reading the email alone will not infect your computer.”

    Because, the FACT is that some viruses CAN BE transmitted from just opening an email, due to malware code that can be embedded in images, including imposter logos or invisible images you don’t even see.

  7. Yes, just opening an email HAS POTENTIAL to infect with virus. It depends which actual virus it is. Malware code can be hidden in fake logo images, or, even in invisible images you don’t even see are there.

    • The last comment is misinformational bullshit. No, you cannot be infected just by reading the text of your email.
      BUT if you click on a hyperlink or open an attachment, that’s when it can become dangerous.

      I just got the DHL email a few days ago and today the UPS one, both had attachments. The first in a .rar and the second in a .zip, so I opened the compressed FOLDERS (not files) and saved them to my hard drive in separate password protected archives for future reference. They are completely safe and for those of you who like tin foil hats an .exe file CANNOT run by itself, it needs a human to click it or another process to execute it.

  8. This morning I received an email from UPS also. It contained a Trojan virus and was detected by my anti-virus software! I don’t even know why I opened the attachment because I was not expecting any package! Maybe curiosity!

  9. Got the email too and it came from info@ups.com

    Dear customer.

    The parcel was sent your home address.
    And it will arrive within 6 business day.

    More information and the tracking number are attached in document below.

    Thank you.
    © 1994-2011 United Parcel Service of America, Inc.

  10. Zip file received this morning from activity@help-ups.com. Mail advised me to print the attached form and take it to my local UPS office to pick up a package. Virus not detected by Norton 360, but I knew UPS doesn’t handle package pick up notifications in this manner. Googled and found this info. Thanks!