
UPS Spam is Trojan-Spy.Zbot.YETH

From Mary Landesman, About.com Guide, November 10, 2008

New malware is being spammed in an email masquerading as a notice from UPS (United Parcel Service). The email subject line reads "Your Tracking # 8773004563" and the message makes the following bogus claim:
Sorry, we were not able to deliver postal package you sent on October the 19th in time because the recipient’s address is not correct. Please print out the invoice copy attached and collect the package at our office. If you do not receive package in ten days you will have to pay 6$ per day.

Your UPS

The attached file is named "UPSINVOICE_87612.zip". Inside the zip file is an executable named "UPSINVOICE_87612.exe" with an icon poorly disguised as a Microsoft Word document. By default, Windows hides file extensions, so if you've never changed that setting, this simple trick could fool you.

The alleged "invoice" isn't an invoice at all. According to ThreatExpert analysis, opening the file installs a rootkit-enabled banking trojan on your system. At the time of the spamming, detection among antivirus vendors was almost non-existent, and the rootkit capabilities could mask its presence even after signature updates are applied.

Simple steps can help you avoid being fooled by Trojan-Spy.Zbot.YETH and others like it. Make sure you have file extension viewing enabled and never open attachments received unexpectedly. To help ferret out malware hidden by rootkits, use one of these free rootkit detectors.

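The check the article recommends doing by eye (looking at the real extension of the file inside the zip) can also be done without opening or extracting anything. The following is an added example, not part of the original article: it lists a zip attachment's members and flags executable extensions, and goes one step further by flagging files that start with the Windows executable "MZ" header under a harmless-looking name. The extension list, the function names and the sample archive are assumptions made for the illustration.

```python
import io
import zipfile

# Extensions Windows runs on double-click (illustrative list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def inspect_attachment(data: bytes) -> list[tuple[str, str]]:
    """Return (member, reason) findings for a zip attachment without extracting it."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return [("<attachment>", "not a zip archive")]
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Windows ignores trailing dots/spaces, so "a.exe." still runs as a.exe.
            base = info.filename.rsplit("/", 1)[-1].lower().rstrip(". ")
            ext = "." + base.rsplit(".", 1)[-1] if "." in base else ""
            if ext in EXECUTABLE_EXTS:
                findings.append((info.filename, f"executable extension {ext}"))
                continue
            if info.flag_bits & 0x1:  # encrypted member: content cannot be checked
                findings.append((info.filename, "encrypted member, content not inspected"))
                continue
            with zf.open(info) as member:
                # PE/DOS executables start with "MZ" whatever the file is called.
                if member.read(2) == b"MZ":
                    findings.append((info.filename, "MZ header under non-executable name"))
    return findings


def build_sample() -> bytes:
    """Constructed sample: harmless stub bytes, named after the attachment in the article."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("UPSINVOICE_87612.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("invoice.doc", b"MZ" + b"\x00" * 62)  # renamed-executable case
        zf.writestr("notes.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in inspect_attachment(build_sample()):
        print(f"{member}: {reason}")
```
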
Comments
March 2, 2010 at 11:51 pm
(1) K :

Unfortunately I just opened a UPS attachment- it downloaded a UPS zip file onto computer- Is it gone if I deleted it and then emptied trash bin? Or must I do something else besides scanning as well. Header says mail came from SellMyGames.com -site is clearly foreign.

March 5, 2010 at 12:05 pm
(2) Julie :

K: I just opened a UPS attachment as well that downloaded a zip file. I didn’t open the file within the zip file, choosing instead to delete it. I have the same concerns. Please respond if you receive any advice that would be helpful to our situation!

March 11, 2010 at 9:53 pm
(3) antivirus :

If you just opened the zip but did not open the file inside it, you will be fine. (This assumes it really was a zip file, of course).

October 23, 2010 at 12:54 am
(4) Robin :

I was stupid and ran it. What do I do now? How do I get rid of it since AVG scanned it and didn’t find anything wrong?
