Print

Print
To Mr. Oas - Hilarious.

It looks like we'll have to start training our families and users to pay attention to where a link points, and remind them to never click on anything that ends in .exe, .vb*, and all that good stuff too.  This one is particularly authentic looking since they copied the actual UPS copyright content, and the format is pretty similar to the real thing.  Except I've never seen an invoice link, and delivery confirmations always include your address.

I might as well get ready to be on call with the relatives for this one.  Anyone know which virus or exploit they're using so I can have the cleanup instructions handy?

On 3/8/2012 4:00 PM, Jon Galbreath wrote:
[log in to unmask]" type="cite">

Yup, the page itself has links that go to some Java-enabled something or other.  I didn’t wait around to see what materialized.  Fortunately Java is so slow there’s time to close the page before you find out what’s in store.  I’m guessing it’s evil.

 

Jon Galbreath, MCSE

Systems Administrator

International Studies and Programs

Helpdesk: 517-884-2148

Ph: 517-884-2144

[log in to unmask]

 

From: Laurence Bates [mailto:[log in to unmask]]
Sent: Thursday, March 08, 2012 3:59 PM
To: [log in to unmask]
Subject: [MSUNAG] FW: UPS Delivery Notification, Tracking Number B80F119957814DA9

 

This looks like a particularly dangerous email load – a credible looking web page attachment which offers an executable “invoice”  Unless I am mistaken, this could catch quite a few users.

 

Laurence

 

From: UPS Quantum View [mailto:[log in to unmask]]
Sent: Thursday, March 08, 2012 1:49 PM
To: [log in to unmask]
Subject: UPS Delivery Notification, Tracking Number B80F119957814DA9

 


You have attached the invoice for your package delivery.

 

Thank you,

United Parcel Service

*** This is an automatically generated email, please do not reply ***