We are seeing them come in. The common static denominators are:

1. Subject line "UPS Tracking Number"
2. Body contains "Unfortunately we were not able to deliver postal package
you sent on July the 1st in time because the recipient's address is not
correct.
Please print out the invoice copy attached and collect the package at our
office

Your UPS"


Mike



-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Randy Armbrecht
Sent: Monday, July 21, 2008 4:23 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] New Virus (.exe) in a zip attachment?

We just saw a new apparent virus/phishing threat come across trying to
imposter as a failed UPS delivery notice.

The file attached was called UPS_INVOICE_978172.zip and included a .exe file
within.

Is there any way to catch these in the BanFile area of Declude?  We do allow
banned files within a zip in our current config.

It would have to be set up as a wild card I imagine (assuming the numbers in
the file name would change).

We've only seen one of these so far, so do not have anything else to compare
to to see if name is changing or not.

-------
Randy A.
Technical Support Director
Global Web Solutions, Inc.
804-442-5300
http://globalweb.net 




---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.
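
The indicators named in this thread (subject line, body text, zip name, and a .exe inside the zip) can be checked together outside the mail filter. The following is an added example, not part of the original messages and not Declude configuration; the function names are hypothetical, the digit wildcard in the zip name is an assumption based on the single reported sample, and the test message is constructed.

```python
import email.message
import io
import re
import zipfile

# Indicators reported in the thread. The \d+ wildcard is an assumption:
# only one sample name (UPS_INVOICE_978172.zip) was seen.
SUBJECT = "ups tracking number"
ZIP_NAME = re.compile(r"^UPS_INVOICE_\d+\.zip$", re.IGNORECASE)
BODY_PHRASE = "print out the invoice copy attached"


def zip_executables(data):
    """Names of .exe members inside a zip attachment; [] if it is not a zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(".exe")]
    except zipfile.BadZipFile:
        return []


def score_message(raw):
    """Return which of the thread's indicators a raw RFC 822 message hits."""
    msg = email.message_from_bytes(raw)
    hits = ["subject"] if SUBJECT in (msg.get("Subject") or "").lower() else []
    for part in msg.walk():
        payload = part.get_payload(decode=True) or b""  # None for containers
        name = part.get_filename() or ""
        if name.lower().endswith(".zip"):
            if ZIP_NAME.match(name):
                hits.append("zip-name")
            if zip_executables(payload):  # catches renamed archives too
                hits.append("exe-in-zip")
        elif part.get_content_type() == "text/plain":
            # Collapse whitespace so hard-wrapped body lines still match.
            if BODY_PHRASE in " ".join(payload.decode("latin-1").lower().split()):
                hits.append("body")
    return hits


def build_sample(subject, body, zip_name, member):
    """Constructed test message: a zip attachment holding one harmless file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"not a real program")
    msg = email.message.EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=zip_name)
    return msg.as_bytes()
```

Inspecting the archive members rather than relying on the attachment name alone keeps the check effective if the name pattern changes between samples.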



