TrojanDownloader.Kuluoz.B distributed via image-based email

Aug 28, 2012 by Anand Yadav | 7 Comments

Another United Parcel Service (UPS) spam campaign has been discovered. The emails claim that a package could not be delivered because the recipient address was wrong.

The emails use a variety of subject lines, including:

  • Your parcel is not delivered
  • Error in the delivery address ID#7277
  • Failure to deliver ID #92198
  • Print your postal label
  • UPS delivery refuse ID #4714
  • You should come to the post office
  • Your delivery status has changed

The email is sent from a spoofed UPS address, statements@us-ups.com.prediger.de. Note that the address only looks like UPS: the part that matters is the registrable domain at the end, prediger.de, which has nothing to do with ups.com. The body of the email is a single image rather than text, so filters that only inspect the message text see nothing suspicious.

Behind the image is a URL – hxxp://www.wis-freiberg.de/JLBYAWZHRN.htm. Following the link downloads a file named Label_Copy_UPS.zip, which contains a 109 kB executable called Label_Copy_UPS.exe.

Upon execution, the downloader fetches and installs a rogueware (fake antivirus) called Live Security Platinum.

Quick Heal detects the downloaded executable as TrojanDownloader.Kuluoz.B and deletes it, along with the installed rogueware, from your machine.
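The following Python script is an added example, not part of the original post or of any Quick Heal product. It shows the gateway-side checks this campaign suggests: matching the known subject lines, unmasking a brand-lookalike sender by its registrable domain (the naive last-two-labels rule is an assumption; a real filter would use a public-suffix list), recognising an image-only body whose picture is a hyperlink, and inspecting a ZIP attachment for members that carry the Windows PE "MZ" magic regardless of their file extension. The sample message, the brand-to-domain table and the ZIP archive are all constructed inline so the script runs offline; the URL is defanged exactly as in the post.

```python
"""Added example: gateway-side triage of the UPS image-link lure described above.
Message, ZIP archive and brand/domain table are constructed here; nothing is
fetched from the network. Not part of the original post or any Quick Heal product."""
import email
import io
import zipfile
from email import policy
from html.parser import HTMLParser

# Subject lines observed in the campaign (taken from the post).
LURE_SUBJECTS = {
    "Your parcel is not delivered",
    "Error in the delivery address ID#7277",
    "Failure to deliver ID #92198",
    "Print your postal label",
    "UPS delivery refuse ID #4714",
    "You should come to the post office",
    "Your delivery status has changed",
}

# Brand keyword -> domains that brand legitimately sends from (assumed table).
BRAND_DOMAINS = {"ups": {"ups.com"}}


class _BodyScanner(HTMLParser):
    """Collect hrefs of <a> elements that wrap an <img>, and count visible text
    characters so an image-only body can be recognised."""

    def __init__(self):
        super().__init__()
        self.image_links, self.text_chars, self._href = [], 0, None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
        elif tag == "img" and self._href:
            self.image_links.append(self._href)
            self._href = None  # one hit per anchor

    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None

    def handle_data(self, data):
        self.text_chars += len(data.strip())


def registrable_domain(address):
    """Registrable domain of an address like 'Name <user@host>'.
    Naive last-two-labels rule (assumption: no public-suffix list); enough to
    show that statements@us-ups.com.prediger.de is really sent from prediger.de."""
    host = address.rsplit("@", 1)[-1].lower().rstrip(">").strip()
    return ".".join(host.split(".")[-2:])


def lure_indicators(raw_message):
    """Return the list of indicator tags that fire on a raw RFC 822 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    found = []
    if str(msg["Subject"] or "").strip() in LURE_SUBJECTS:
        found.append("known-lure-subject")
    sender = str(msg["From"] or "")
    sender_domain = registrable_domain(sender)
    for brand, owned in BRAND_DOMAINS.items():
        # Brand name in the address, but registrable domain not owned by the brand.
        if brand in sender.lower() and sender_domain not in owned:
            found.append(f"brand-lookalike-sender:{sender_domain}")
    body = msg.get_body(preferencelist=("html",))
    scanner = _BodyScanner()
    scanner.feed(body.get_content() if body else "")
    if scanner.image_links and scanner.text_chars == 0:
        # The whole message is a clickable picture: text-based filters see nothing.
        found.append("image-only-body")
    found.extend(f"image-link:{link}" for link in scanner.image_links)
    return found


def executable_members(zip_bytes):
    """Names of archive members that start with the PE 'MZ' magic, whatever
    their extension claims."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            with zf.open(info) as member:
                if member.read(2) == b"MZ":
                    hits.append(info.filename)
    return hits


# Constructed sample message modelled on the campaign (URL defanged as in the post).
SAMPLE_MESSAGE = """\
From: UPS Statements <statements@us-ups.com.prediger.de>
To: user@example.com
Subject: Your parcel is not delivered
Content-Type: text/html; charset=utf-8

<html><body><a href="hxxp://www.wis-freiberg.de/JLBYAWZHRN.htm"><img src="cid:label"></a></body></html>
"""


def build_sample_zip():
    """Constructed stand-in for Label_Copy_UPS.zip: a 64-byte 'MZ' stub, not real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Label_Copy_UPS.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"plain text, not a PE file")
    return buf.getvalue()


if __name__ == "__main__":
    print(lure_indicators(SAMPLE_MESSAGE))
    print(executable_members(build_sample_zip()))
```

Run as a script it prints the indicator tags for the sample message and the single PE member of the sample archive. The point of checking the "MZ" magic rather than the ".exe" suffix is that the same check still fires when the dropper is renamed to look like a PDF or an image.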

Posted under: Email, Malware

7 Comments
  • I downloaded Label_Copy_UPS.zip and then VP repaired Label_Copy_UPS.exe as TrojanDownloader.Kuluoz.B.

    But if it is proved that the mentioned URL downloads a malicious file, then Quick Heal Browsing Protection should detect the URL as a first line of defence. But it is not detecting that!

    • Rahul Thadani

      Hi Onil,
      Browsing Protection blocks access to infected websites. In this case the malware enters the system only when an executable file is downloaded. That is when it is detected by Quick Heal.

  • Thanks rahul for the update.

  • Thanks for the given information.

  • Thanks for the information. I am receiving around 10-12 e-mails daily like this, claiming that I have won a lottery, or a UPS parcel, or PayPal A/d, or RBI important mail. How should I stop them? They originate from different places.

    • Rahul Thadani

      Hi Palak,
      Firstly, you can report the emails as spam to the service provider that you are receiving these emails on. As a precaution you should delete these emails right after that and you must never reply to them.
      Thanks.

  • Hi Rahul,

    Quick Heal has got detection now.

    Harmful website accessed.
    Detected: Blk/Domain.237995
    Website accessed: http://www.wis-freiberg.de/label_copy_ups.zip
    Action Taken: Blocked

