To Mr. Oas - Hilarious. It looks like we'll have to start training our families and users to pay attention to where a link points, and remind them to never click on anything that ends in .exe, .vb*, and all that good stuff too. This one is particularly authentic looking since they copied the actual UPS copyright content, and the format is pretty similar to the real thing. Except I've never seen an invoice link, and delivery confirmations always include your address. I might as well get ready to be on call with the relatives for this one. Anyone know which virus or exploit they're using so I can have the cleanup instructions handy? On 3/8/2012 4:00 PM, Jon Galbreath wrote: > > Yup, the page itself has links that go to some Java-enabled something > or other. I didn't wait around to see what materialized. Fortunately > Java is so slow there's time to close the page before you find out > what's in store. I'm guessing it's evil. > > *Jon Galbreath, *MCSE > > Systems Administrator > > International Studies and Programs > > Helpdesk: 517-884-2148 > > Ph: 517-884-2144 > > [log in to unmask] <mailto:[log in to unmask]> > > *From:*Laurence Bates [mailto:[log in to unmask]] > *Sent:* Thursday, March 08, 2012 3:59 PM > *To:* [log in to unmask] > *Subject:* [MSUNAG] FW: UPS Delivery Notification, Tracking Number > B80F119957814DA9 > > This looks like a particularly dangerous email load -- a credible > looking web page attachment which offers an executable "invoice" > Unless I am mistaken, this could catch quite a few users. > > Laurence > > *From:*UPS Quantum View [mailto:[log in to unmask]] > <mailto:[mailto:[log in to unmask]]> > *Sent:* Thursday, March 08, 2012 1:49 PM > *To:* [log in to unmask] <mailto:[log in to unmask]> > *Subject:* UPS Delivery Notification, Tracking Number B80F119957814DA9 > > > You have attached the invoice for your package delivery. > > Thank you, > > United Parcel Service > > *** This is an automatically generated email, please do not reply *** >