I got caught with this one, so watch out. I ended up doing a complete
restore. Kill it!
Dave Hoy
WYANOKEE #6295
Camden, Maine
michael mcvey wrote:
------------------------------------------------------------------------
Subject: FW: Please DO NOT OPEN emails with subject like: UPS Tracking
Number ######
Date: Thu, 28 Aug 2008 20:25:01 -0400
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
-----Original Message-----
From: PAR Messenger
Sent: Thu 8/28/2008 4:08 PM
To: PTC; PTI; PGSC; RRC
Cc: Roger Marcoux; [EMAIL PROTECTED]
Subject: Please DO NOT OPEN emails with subject like: UPS Tracking
Number ######
We apologize for another repeat of this message. However we have
recently had several users contaminate their PCs with the UPS virus.
Again please DO NOT OPEN any emails that appear to come from United
Parcel Service [UPS]. The email contains a trojan style virus and may
require a complete and painful rebuild of your PC to eliminate.
Mcafee details are below.
Up-to-date McAfee VirusScan users with DAT 5348 or higher and minimum
scan engine of 5100 are protected from this threat. To check your
VirusScan version, right click the 'V' shield in your system tray
(lower right hand corner of your display); left click on 'About
VirusScan Enterprise'. The Scan Engine Version and DAT Version will
be listed in the window. If you need any assistance in updating your
McAfee software please contact your local Help Desk.
The virus attachment will have been removed by our Exchange mail
servers before the message reaches your mailbox. But as always, any
e-mail attachments should be handled with caution.
Characteristics -
UPS has issued a warning about a new computer virus circulating as an
attachment to emails purporting to originate from the 'UPS Packet
Service.' The warning is authentic. The virus is real and is a new
variant of Spy-Agent.bw. It can connect to the following website to
communicate stolen data, log actions and receive instructions:
* blatundalqik.ru
The subject line of the email message that contains the virus will be
in the form of UPS tracking code/number (such as UPS Tracking Number
9686554756) or something similar.
The bogus Packet Service messages claim a parcel sent by the user was
undeliverable due to an incorrect address. The user is instructed to
open an attachment containing a copy of the invoice. The attachment on
the email message is usually a zipped file that once opened will
deploy braviax.exe and burito.exe on your system. These two programs
will run and continue to download other dangerous programs to your
computer. We have also noticed that the programs disable antivirus
programs that may be installed on the user's computer. Properly
updated antivirus programs prevent this from happening.
Spy_Agent.bw is a trojan. Unlike viruses, trojans do not
self-replicate. They are spread manually, often under the premise that
they are beneficial or wanted. The most common installation methods
involve system or security exploitation, and unsuspecting users
manually executing unknown programs. Distribution channels include
email, malicious or hacked web pages, Internet Relay Chat (IRC),
peer-to-peer networks, etc.
As a general rule, users should always be wary of opening unknown file
attachments, and maintain up-to-date antivirus protection on their
computers at all times.
Thank you in advance for your cooperation.
This is the alert UPS is sending out about the virus. They have also
posted it on their web site:
Attention Virus Warning
We have become aware there is a fraudulent email being sent that says
it is coming from UPS and leads the reader to believe that a UPS
shipment could not be delivered. The reader is advised to open an
attachment reportedly containing a waybill for the shipment to be
picked up.
This e-mail attachment contains a virus. We recommend that you do not
open the attachment, but delete the email immediately.
UPS may send official notification messages on occasion, but they
rarely include attachments. If you receive a notification message that
includes an attachment and are in doubt about its authenticity, please
contact [EMAIL PROTECTED]
Please note that UPS takes its customer relationships very seriously,
but cannot take responsibility for the unauthorized actions of third
parties.
Thank you for your attention.
------------------------------------------------------------------------
Talk to your Yahoo! Friends via Windows Live Messenger. Find Out How
<http://www.windowslive.com/explore/messenger?ocid=TXT_TAGLM_WL_messenger_yahoo_082008>
