
Outbreak: Post Express Service malware attack spammed out

Sophos — Be on your guard against the latest “undelivered package” malware attack that cybercriminals are spamming out right now.

Regular readers of Naked Security will be all too familiar with emails claiming to come from the likes of FedEx, UPS and DHL which pretend to be about a parcel that wasn’t delivered properly (and all you have to do is click on the attachment to “learn more”, which really means become infected).

Now we’re seeing malicious emails which pretend to come from “Post Express Service”. Here’s a typical example:


Subject: Post Express Service. Get the parcel NR<random number>

Message body:
Dear client.

Your package has been returned to the Post Express office.
The reason of the return is "Error in the delivery address"

Attached to the letter mailing label contains the details of the package delivery.
You have to print mailing label, and come in the Post Express office in order to receive the packages.

Thank you.
Post Express Support

Attached file: Post_Express_Label_<random number>.zip

Other subject lines used in the attack include:

Post Express Service. Number of your parcel <random number>
Post Express Service. Package is available for pickup! NR<random number>
Post Express Service. Delivery refuse! NR<random number>
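
The subject lines and attachment name listed above can be turned into a mail-triage check. The following is an added example, not part of the original post or Sophos's detection logic: it assumes `<random number>` is a run of digits, and the function names, addresses and sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.message import EmailMessage

# Indicators from the post; "<random number>" is assumed to be a run of digits.
SUBJECT_RE = re.compile(
    r"^Post Express Service\. (?:Get the parcel NR|Number of your parcel|"
    r"Package is available for pickup! NR|Delivery refuse! NR)\s*\d+$", re.I)
ATTACHMENT_RE = re.compile(r"^Post_Express_Label_\d+\.zip$", re.I)


def triage(raw_message: str) -> dict:
    """Report which campaign indicators a raw RFC 5322 message matches."""
    msg = message_from_string(raw_message)
    # Decode RFC 2047 encoded words and collapse folded whitespace.
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    subject = " ".join(subject.split())
    # get_filename() returns None for non-attachment parts.
    names = [part.get_filename() or "" for part in msg.walk()]
    subject_hit = bool(SUBJECT_RE.match(subject))
    attachment_hits = [n for n in names if ATTACHMENT_RE.match(n)]
    if subject_hit and attachment_hits:
        verdict = "quarantine"   # both indicators: strong campaign match
    elif subject_hit or attachment_hits:
        verdict = "review"       # one indicator: hold for an analyst
    else:
        verdict = "pass"
    return {"subject": subject_hit, "attachments": attachment_hits,
            "verdict": verdict}


def sample_message(subject: str, filename: str) -> str:
    """Build a constructed test message; the attachment body is a placeholder."""
    m = EmailMessage()
    m["From"] = "support@example.invalid"   # constructed address
    m["To"] = "user@example.invalid"        # constructed address
    m["Subject"] = subject
    m.set_content("Dear client.")
    m.add_attachment(b"placeholder, not a real archive", maintype="application",
                     subtype="zip", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    print(triage(sample_message("Post Express Service. Get the parcel NR12345",
                                "Post_Express_Label_12345.zip")))
```

String matching like this only catches the exact wording seen in this run of the campaign, so it complements rather than replaces attachment scanning.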

Hopefully you and the users inside your company won’t be so excited about the thought of an unexpected parcel that they open the attached file, as doing so will infect your Windows computer with malware.

Sophos detects the ZIP file as Troj/BredoZp-BT and the enclosed malware as Troj/Spyeye-R.

Remember, there’s only one reason why cybercriminals keep using this type of social engineering to fool users into running malware – it works.


If you receive a suspicious email, you can forward it to us [malware@computersecurityarticles.info], or you can submit the malicious file via “Virus Submit”.


27 Responses to “Outbreak: Post Express Service malware attack spammed out”

  1. Jack Kavorkian says:

    thank you..I deleted it !!

  2. Sue Lavender says:

    Thanks. I almost fell for this one as I was waiting for a parcel. Fortunately the bad English set off some alarm bells, so I Googled instead.

  3. CSA says:

    @Jack, Sue: If you have another malicious email/file, just send it to us :)

  4. Kristie says:

    Thanks I was wondering what this was as I order so much from the net I actually thought something had gone wrong.

  5. tim says:

    can anyone help! i opened up the post express email and now i can't even get my computer to start in safe mode (or any mode for that matter). i can get to the password screen (windows 7) then on entering the password the computer just shuts down, please any ideas /help would be much appreciated.

  6. dlwcihcsp says:

    I found 2 clues, so I Googled too. I get more than my share of this stuff. The first was the use of returned. Since I did not ship anything through this company in the first place, that was a big clue. The second was I have not heard of Post Express Service. If they are a legitimate shipping company, I feel sorry for them as this cannot be good for business.

  7. dawn says:

    I have downloaded the zip file and got a virus :-( … as waiting for 3 parcels. Can’t go on windows update, load in safe mode… my computer keeps saying it needs to update. please help.

  8. Kelly says:

    wow and i fell for it messed my computer up really bad, a blue screen kept coming up every time, luckily i sorted it but it's awful people do this, some people are sick!

  9. Magda says:

    Many thanks! Deleted!

  10. bobb says:

    I too received this email today, Something about it just did not look right, plus I too have never heard of post office express.

  11. morea-aini says:

    I always right-click and “view message source” of suspicious mails like this…feels safer, and i get to see sender's email and IP, plus what it says in text…I've found out countless mails were fake spams this way, plus avoided virus and trojans ^^ -And if you’re even just a lil bit in doubt, ALWAYS google the title of the mail…will save you from a world of trouble..LITERALLY ! XD

  12. MSM says:

    I was waiting for packages when this email came. Luckily I tried opening it on my iPod only and then suddenly realized it was a zip file. I tried again and nothing happened or showed up on screen. Came back to the email a few hours later and re-read it, noticed the poor grammar & spelling. Googled it and came to this website. It looks real too! Email invoice # and all.

    Thank YOU so much for posting this up!!!!!!

    I forwarded it to you guys and will delete it asap! Thanks again.

  13. DUCKY says:

    thanks for the info on this guys, i almost opened it but googled it first instead. i would have felt terribly as i was just checking my mail but i was using my sister's computer.

  14. Gladiator says:

    I received this too, but i became suspicious because i wasn't expecting anything from the USA anyway so HELLO!!
    I just deleted it!!
    Thanks..

  15. Selma says:

    I received one and now I am having trouble starting the computer. what can I do

  16. paul says:

    Opened it, managed to delete but Norton says it needs to be reinstalled. Worried about leaving pc vulnerable. Computer working ok, worried if my bank details are at risk because of this virus. Any advice please?

  17. François says:

    Thank you
    I am going to delete it, but first I will send you a copy
    thanks again

  18. Rich says:

    I am receiving these and other scam spam on my business e-mail on a regular basis. My advice to anybody who is in two minds whether to open an e-mail attachment you are not sure about is DON’T DO IT!!!!!!!

    Any businesses or unknown senders who require you or anyone you know to act on instructions given in these sorts of e-mails, if it’s important enough, will always contact you again if it is legitimate.

    Never let intrigue get the better of you!

  19. paul says:

    Now it won’t let me access internet. Keeps cutting me off.

  20. jb says:

    Got this one and thought it was suspicious whats the best programme to protect you against this shit??

  21. AL says:

    Can anyone tell me what does it do and how to get rid of it. My wife received it and she did open the zip file. there is no one on the net I can find that talks about how to get rid of it
    Thank you

  22. Bob says:

    The thing gets worse with each effort you make to escape it… eventually it takes over to the extent that your computer is virtually useless…. it blocks you from system restore and certainly won’t let you add or delete programs at the control panel… What I REALLY wish is that i knew who the actual guy was that pulled the trigger on the thing… I’d go to his office with a sledge hammer and show him how yours truly renders a computer unserviceable and how I also render certain spammers just as ineffective with just a few swings of a 25 pound hammer.

  23. Mark says:

    Thank god that we have forums like these to help people who get these emails. I have just had one put into my junk mail and luckily for me I was not expecting a parcel. Deleted the email now though before I opened up the attachment. Thank you for providing this information as there are very vulnerable people out there!!

  24. Rob says:

    I downloaded it, but I’m on a Apple MacBook Pro… Nothing happened, I deleted everything, and sent the email to spam after reading this… Does that mean I’m in the clear?? Is this just a Windows attack??? Do I need to start crying??? :(

  25. Eddie says:

    I nearly fell for it, since I ordered something online earlier in the week and I don’t order stuff online very often. The thing that saved me was not knowing what the hell “Postal Express Service” is, so googled it, and… well, ended up here.

    I disregarded the fact that it was flagged as spam, since it is pretty common for me to get mail that is flagged as spam, but isn’t.

    I find it strange that I got this nearly a week after placing my order since the item is shipped to me from the UK and I live in Sweden. At first glance, I actually thought there was something wrong with the delivery. Thank god for my internet-paranoia.

    This is the first time I get this… is it just a coincidence that I got this mail just as I ordered something?

  26. Margaret says:

    I’ve also just had one of these but didn’t open it as I was suspicious of anyone who doesn’t leave a card through the door to say they have tried to deliver the parcel. Like a number of other people on this site, I am expecting parcels at present through orders via the internet. Is this scam somehow linked to valid orders I wonder?

  27. moody vijay says:

    Thanks. I did receive on 01.04.11 similar mail which asked me to download the attached invoice copy ssn.22667.zip 24.17kb. As I was not expecting any parcels, I grew very suspicious and did not open it and from this search, confirming my suspicion I have deleted it.

    I too wonder the source of the same. how do they get our email address? Is it anything to do with our online purchases ?

    Friends may pl comment.
