TrojanDownloader.Kuluoz.B distributed via image based email
Another United Parcel Service (UPS) spam has been discovered and this involves emails regarding failed package deliveries due to a faulty recipient address.
The emails carry different subjects like:
- Your parcel is not delivered
- Error in the delivery address ID#7277
- Failure to deliver ID #92198
- Print your postal label
- UPS delivery refuse ID #4714
- You should come to the post office
- Your delivery status has changed
The email is sent from a spoofed UPS address firstname.lastname@example.org and has the following body:
Behind the image is a URL – hxxp://www.wis-freiberg.de/JLBYAWZHRN.htm. This downloads a file named Label_Copy_UPS.zip and contains a 109 kB executable file called Label_Copy_UPS.exe.
Quick Heal successfully detects and deletes the attached file along with the installed rogueware from your machine.