Topic: Virus Alert (Read 934 times)

bob.dent · « **on:** 25 July 2008, 13:14:30 »

If you receive an e-mail supposedly from UPS regarding a parcel they are unable to deliver with an invoice attachment, or a customs form with an attachment, DELETE it immediately. I had received one on my work e-mail yesterday and coincidentally we were expecting a parcel from France, so I opened it. It wasn't until I switched on my PC this morning that I realised it had loaded a particularly nasty malware virus. You get messages saying that your PC is infected with virus's and tries to get you to go to a bogus website called Antivirus XP 2008, and then wants you to buy the removal tool using your credit card.

This wasn't initially picked up by our Macafee Antivirus software and
it took 2 of our IT guys 3.5 hours to get rid of the bloody thing, so a completely wasted morning.

They eventually got rid of it using a software called Malwarebytes' Anti-Malware. Even then they still had to re-install some files from XP installation disc that had been corrupted.

This is a real BUGGER so please beware.

Markie · « **Reply #1 on:** 25 July 2008, 13:16:39 »

and strangly enough i got this yesterday about 6 times.

I was also expecting a parcel from France. Scarey co incidence.

Didnt download it as i called home and swmbo advised the parcel had arrived.

bob.dent · « **Reply #2 on:** 25 July 2008, 13:20:27 »

Quote

and strangly enough i got this yesterday about 6 times.

I was also expecting a parcel from France. Scarey co incidence.

Didnt download it as i called home and swmbo advised the parcel had arrived.

Thats really bizzare!!

I wonder if they have a way of tracking parcels that are in transit and emailing the recipient. :-/ Sounds a bit far fetched, but also seems too coincidental. :-?

Elite Pete · « **Reply #3 on:** 25 July 2008, 13:21:32 »

The things people will do so they can sit around drinking coffee all morning

PaulW · « **Reply #4 on:** 25 July 2008, 13:26:12 »

Getting about 7 or 8 to my mail address daily aswell...

Code: [Select]

A virus was found: Broken.Executable

Banned name: multipart/mixed | application/zip,.zip,ups_invoice.zip |
  .exe,.exe-ms,ups_invoice.exe
Scanner detecting a virus: ClamAV-clamd

Content type: Virus
Internal reference code for the message is 01986-15/x1JstSpIZ+Oa

First upstream SMTP client IP address: [71.115.192.22]
  pool-71-115-192-22.spknwa.dsl-w.verizon.net
According to a 'Received:' trace, the message originated at: [71.115.192.22],
  [71.115.192.22]

Return-Path: <tege1@avhq.com>
From: "United Parcel Service" <tege1@avhq.com>
Message-ID: <01c8ea68$48446780$16c07347@tege1>
Subject: UPS Tracking Number 5605664446
The message has been quarantined as: virus-x1JstSpIZ+Oa

Notification to sender will not be mailed.

The message WAS NOT relayed to:
<paulw@corsa-b.co.uk>:
   250 2.7.0 Ok, discarded, id=01986-15 - VIRUS: Broken.Executable

Virus scanner output:
  p004: Broken.Executable FOUND

Code: [Select]

Return-Path: <tege1@avhq.com>
Received: from pool-71-115-192-22.spknwa.dsl-w.verizon.net (pool-71-115-192-22.spknwa.dsl-w.verizon.net [71.115.192.22])
        by mail.corsa-b.co.uk (Postfix) with ESMTP id A5D80CE4050;
        Sun, 20 Jul 2008 22:00:45 +0100 (BST)
Received: from [71.115.192.22] by server508.appriver.com; Sun, 20 Jul 2008 12:58:19 -0800
From: "United Parcel Service" <tege1@avhq.com>
To: <paulw@corsa-b.co.uk>
Subject: UPS Tracking Number 5605664446
Date: Sun, 20 Jul 2008 12:58:19 -0800
MIME-Version: 1.0
Content-Type: multipart/mixed;
  boundary="----=_NextPart_000_000E_01C8EA68.48446780"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: Aca6QH231ZPJ0U1175RO1HSFVP1Q10==
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Message-ID: <01c8ea68$48446780$16c07347@tege1>

Have to admire there determination really... bloody arseholes

bob.dent · « **Reply #5 on:** 25 July 2008, 13:26:33 »

Quote

The things people will do so they can sit around drinking coffee all morning

Actually it was tea, plus a good opportunity to pop out into the sunshine for a ciggy.

On a serious note, I've now got twice as much bl00dy work to squeeze in this afternoon.

Elite Pete · « **Reply #6 on:** 25 July 2008, 13:30:08 »

Quote

Quote
The things people will do so they can sit around drinking coffee all morning

Actually it was tea, plus a good opportunity to pop out into the sunshine for a ciggy.

On a serious note, I've now got twice as much bl00dy work to squeeze in this afternoon.

So you'll be in the pub for 3pm then

It is a pain when you keep getting bombarded by dodgy emails. I always worry when im away from home and the wife gets an email to enter her paypal details

bob.dent · « **Reply #7 on:** 25 July 2008, 13:30:26 »

Quote

Getting about 7 or 8 to my mail address daily aswell...

Have to admire there determination really... bloody arseholes

They're absolute scum! I'd like to wish them a premature, slow painful death!!

PaulW · « **Reply #8 on:** 25 July 2008, 13:32:51 »

Quote

Quote
Getting about 7 or 8 to my mail address daily aswell...

Have to admire there determination really... bloody arseholes

They're absolute scum! I'd like to wish them a premature, slow painful death!!

I'm still surprised your AV didn't pick it up tho... unless they haven't got heuristics turned on or deep scanning, it should be detected!

bob.dent · « **Reply #9 on:** 25 July 2008, 13:40:27 »

Quote

Quote
Quote
Getting about 7 or 8 to my mail address daily aswell...

Have to admire there determination really... bloody arseholes

They're absolute scum! I'd like to wish them a premature, slow painful death!!

I'm still surprised your AV didn't pick it up tho... unless they haven't got heuristics turned on or deep scanning, it should be detected!

Somehow, they're able to disable your AV!

My AV icon at the bottom of my screen had a cross through it showing it had been disabled. I tried to manually run it and halfway through the scan I had a Windows message telling me a serious error had occurred in my system and then it kept trying to reboot. Had to restart in Safe Mode to carry out the removal.

Markie · « **Reply #10 on:** 25 July 2008, 13:47:55 »

Quote

Quote
and strangly enough i got this yesterday about 6 times.

I was also expecting a parcel from France. Scarey co incidence.

Didnt download it as i called home and swmbo advised the parcel had arrived.

Thats really bizzare!! I wonder if they have a way of tracking parcels that are in transit and emailing the recipient. :-/ Sounds a bit far fetched, but also seems too coincidental. :-?

i know, i was thinking the same thing really.....its pretty scarey

mars · « **Reply #11 on:** 25 July 2008, 21:09:25 »

Quote

Quote
and strangly enough i got this yesterday about 6 times.

I was also expecting a parcel from France. Scarey co incidence.

Didnt download it as i called home and swmbo advised the parcel had arrived.

Thats really bizzare!! I wonder if they have a way of tracking parcels that are in transit and emailing the recipient. :-/ Sounds a bit far fetched, but also seems too coincidental. :-?

I too have had same e-mail twice this week. Was also expecting parcel but deleted it as I was suspicious and thought let them contact me by post. No oustanding parcels now.

Richie London · « **Reply #12 on:** 25 July 2008, 21:32:39 »

id rather a virus than someone coming up to you asking how you are, hows the family and remarking how much youve changed in the last 20 yrs. then after a 20min chat you walk away thinking, who the rather hell was that

.

TheBoy · « **Reply #13 on:** 25 July 2008, 21:32:50 »

Any decent mailserver should reject it before you see it.

Its not a virus, hence won't be picked up by AV software.

News:

Author Topic: Virus Alert (Read 934 times)

bob.dent

Virus Alert

Markie

Re: Virus Alert

bob.dent

Re: Virus Alert

Elite Pete

Re: Virus Alert

PaulW

Re: Virus Alert

bob.dent

Re: Virus Alert

Elite Pete

Re: Virus Alert

bob.dent

Re: Virus Alert

PaulW

Re: Virus Alert

bob.dent

Re: Virus Alert

Markie

Re: Virus Alert

mars

Re: Virus Alert

Richie London

Re: Virus Alert

TheBoy

Re: Virus Alert