Beware UPS Tracking Trojans
Published by rich on Tuesday, July 22, 2008 - 18:27:00
Just got a few messages like these sent to my intercepted spam e-mail bin.
Subject: UPS Tracking Number 6334829881 Unfortunately we were not able to deliver postal package you sent on July the 1st in time because the recipient’s address is not correct. Please print out the invoice copy attached and collect the package at our office. Your UPS.
Uh oh, my bad English detector just went off.
Bad grammar and poor spelling in an email from a major organization is a major indicator something isn’t right.
The email contains an attached ZIP file containing an executable. Bad news!
Looks like the guys at mxlab are already on top of it - and have diagnosed the problem as being a variant of Zbot.
ZBot is a trojan that steals financial data.
Note - I mentioned that I dug these messages out of my intercepted spam bin as opposed to dealing with them in my inbox. While not a replacement for anti-virus software - SpamButcher’s junk email filter recognized something was wrong and quarantined the message.
