Fake email with subject “UPS Delivery Notification Tracking Number” contains malicious .doc attachment


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject "UPS Delivery Notification Tracking Number : XCBMXDI508XCBMXDI866" (number and letter combination may vary). This email is send from the spoofed address "UPS Quantum View <auto-notify@ups.com>" and has the following body: Package delivery confirmation invoice XCBMXDI508XCBMXDI866 Thank you, United Parcel … Continue reading Fake email with subject “UPS Delivery Notification Tracking Number” contains malicious .doc attachment

New fake emails “UPS Delivery Notification Tracking Number” combines 2 techniques to infect a computer


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject "UPS Delivery Notification Tracking Number:E76TI8Q77G9OGH2YMB" (tracking number may vary with each message) that combines 2 techniques to infect an computer. The 1st technique is by just including an .exe as attachment but the 2nd technique is started up by … Continue reading New fake emails “UPS Delivery Notification Tracking Number” combines 2 techniques to infect a computer

Phishing emails regarding UPS parcel: UPS: Tracking Number Notification


Usually we intercept emails regarding an fake UPS tracking or delivery issue with viruses and trojans attached at MX Lab, http://www.mxlab.eu, but today, we intercepted some phishing emails regarding "UPS parcel". The email is sent from the spoofed address "United Parcel Service <powerhost.giv@ups.com>", listens to the subject "UPS: Tracking Number Notification" and has the following body: Dear Customer, … Continue reading Phishing emails regarding UPS parcel: UPS: Tracking Number Notification

UPS Delivery Notification, Tracking Number emails with attached HTML document lead to malware


MX Lab, http://www.mxlab.eu, intercepted a few samples by  email with the subject "UPS Delivery Notification, Tracking Number 3A4078A852ED6A84" with ah HTML document attached with the name invoice3A4078A852ED6A84.html that leads to malware. The email is send from the spoofed address "UPS Quantum View <auto-notify@ups.com>" and has the following body: You have attached the invoice for your … Continue reading UPS Delivery Notification, Tracking Number emails with attached HTML document lead to malware

New Bredolab trojan variants in DHL and UPS tracking emails


MX Lab intercepted several email messages with new Bredolab trojan variants in the traditional style: emails regarding the tracking of a parcel. We noticed new campaigns using the DHL and UPS tracking style. We will cover them both in this article at the same time. The trojan is known as Trojan.Win32.Bredolab, Trojan-Downloader:W32/Bredolab.WI or TrojanDownloader:Win32/Bredolab.AB. UPS … Continue reading New Bredolab trojan variants in DHL and UPS tracking emails