From: UPS Packet Service
Subject: UPS Paket N0328795951
Dear Sir/Madam,
Unfortunately we were not able to deliver postal package you sent on July the 1st in time because the recipient's address is not correct.
Please print out the invoice copy attached and collect the package at our office.
Your UPS
[Collected via e-mail, August 2008]
Unfortunately we were not able to deliver postal package you sent on July the 25 in time because the recipient's address is not correct.
Please print out the invoice copy attached and collect the package at our office.
Your FEDEX
www.fedex.com
Origins: A common (and unfortunately, effective) technique for luring e-mail users into opening virus-launching attachments is to send messages that would appear to be relevant or important to many of their potential
recipients. One way of accomplishing this feat is to make the virus-carrying messages appear to come from some type of business entity that many people commonly deal with, such as one of the large Internet auction or retailing sites, or a national bank (or other financial institution), or a major provider of a common service.
That last area was in play in July 2008, when e-mail users experienced the onset of a virus spread through messages purporting to come from the United Parcel Service (UPS) or Federal Express (FedEx) parcel delivery companies. The bogus messages informed users about packages they had supposedly sent that could not be delivered due to incorrect recipient addresses and invited them to open and print out attached invoices in order to claim the undelivered packages at UPS offices. The messages included a file attachment called 'ups_invoice.zip' which actually harbored a malicious executable file called 'ups_invoice.exe', but the attachment displayed a Microsoft Word icon to make it appear like a harmless Word document and thereby lure recipients into clicking on it.
A mass mailing of this type was bound to hit quite a few people who had shipped something via UPS in the recent past and therefore might easily be lured into opening the virus-launching attachment, and UPS was quick to put up (and e-mail) a warning
about the malicious messages:
Attention Virus Warning
Service Update
We have become aware there is a fraudulent email being sent that says it is coming from UPS and leads the reader to believe that a UPS shipment could not be delivered. The reader is advised to open an attachment reportedly containing a waybill for the shipment to be picked up.
This email attachment contains a virus. We recommend that you do not open the attachment, but delete the email immediately.
UPS may send official notification messages on occasion, but they rarely include attachments. If you receive a notification message that includes an attachment and are in doubt about its authenticity, please contact customerservice@ups.com.
Please note that UPS takes its customer relationships very seriously, but cannot take responsibility for the unauthorized actions of third parties.
Thank you for your attention.
Last updated: 22 August 2008
The URL for this page is http://www.snopes.com/computer/virus/ups.asp
