
UPS/FedEx/DHL Delivery failure


Bobt

Nov 2, 2009, 7:39:13 PM
I just received an email stating a new virus .. when you click on the
attached invoice bad things happen. Not sure what type it is ..
Anyone hear anything about this ..

David H. Lipman

Nov 2, 2009, 8:30:26 PM
From: "Bobt" <info...@gmail.com>

| I just received an email stating a new virus .. when you click on the
| attached invoice bad things happen. Not sure what type it is ..
| Anyone hear anything about this ..

Yes. Old news.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


FromTheRafters

Nov 2, 2009, 8:43:44 PM
"Bobt" <info...@gmail.com> wrote in message
news:8f747229-089f-4be9...@g23g2000yqh.googlegroups.com...

>I just received an email stating a new virus .. when you click on the
> attached invoice bad things happen. Not sure what type it is ..
> Anyone hear anything about this ..

I vaguely recollect something about some kind of thing similar to that.
Ya know - bad things - invoices...

...wasn't a virus though...sounds kinda phishy to me.

David H. Lipman

Nov 2, 2009, 8:53:25 PM
From: "FromTheRafters" <err...@nomail.afraid.org>

Trojan payload not phish.

The Central Scrutinizer

Nov 2, 2009, 9:35:19 PM

"FromTheRafters" <err...@nomail.afraid.org> wrote in message
news:hco1sh$9ps$1...@news.eternal-september.org...

David is right. This (and many variations) have been around for quite
some time. Many months in fact...

--

FromTheRafters

Nov 2, 2009, 10:07:13 PM
"The Central Scrutinizer" <gci...@hotmail.com> wrote in message
news:hco4rl$vgs$1...@aioe.org...

Was that one of the PDF exploits?

...or the Flash support exploits?

...or invoice.exe?


David H. Lipman

Nov 2, 2009, 10:25:12 PM
From: "FromTheRafters" <err...@nomail.afraid.org>

| ...or invoice.exe?


There have been at least 3 or 4 iterations that were trojan payloads. None were exploit
code.

Virus Guy

Nov 2, 2009, 11:18:40 PM
"David H. Lipman" wrote:

> | Was that one of the PDF exploits?
>
> | ...or the Flash support exploits?
>
> | ...or invoice.exe?
>
> There have been at least 3 or 4 iterations that were trojan
> payloads. None were exploit code.

The first instance of a "UPS Delivery problem" e-mail that I got was
6/19/2009.

The first for a "DHL Delivery problem" was 8/16/2009.

I've received a few dozen of them in total so far.

They both contain an attached file (.zip) of between 20 to 30 kb in
size. When unzipped, the single .EXE payload file is between 35 to 50
kb in size.

The .exe files are identified as Bredolab by some AV apps - and as a
generic trojan by most.

http://www.symantec.com/connect/blogs/trojanbredolab-making-yet-another-comeback
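
An added example, not part of the original thread or any poster's code: a Python check for the attachment pattern described in the post above (a .zip whose single member is an .EXE), run against a constructed, harmless sample message. The function names, the extension list and the sample addresses are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: the thread only mentions .EXE; other extensions are listed for illustration.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com")


def zip_exe_findings(raw_message: bytes):
    """Return (attachment name, member name, unpacked size in bytes) for every
    zip attachment whose only member is an executable."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        # Trust the content, not the declared filename or MIME type.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = [m for m in zf.infolist() if not m.is_dir()]
        if len(members) == 1 and members[0].filename.lower().endswith(EXECUTABLE_EXTS):
            findings.append((part.get_filename() or "",
                             members[0].filename, members[0].file_size))
    return findings


def build_sample(member_name: str, member_bytes: bytes) -> bytes:
    """Constructed sample: harmless bytes zipped and attached to a message."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, member_bytes)
    msg = EmailMessage()
    msg["Subject"] = "UPS Delivery problem"
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg.set_content("Constructed sample body.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for hit in zip_exe_findings(build_sample("invoice.exe", b"\x00" * 40000)):
        print("quarantine candidate:", hit)
```

The unpacked size is reported rather than thresholded, so it can be compared against the 35 to 50 kb range given in the post.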

David H. Lipman

Nov 3, 2009, 9:15:44 AM
From: "Virus Guy" <Vi...@Guy.com>

| "David H. Lipman" wrote:

>> | ...or invoice.exe?

| http://www.symantec.com/connect/blogs/trojanbredolab-making-yet-another-comeback

Yepper !
That's the latest iteration.
