Virus alert from CMIT Solutions Stamford
When you receive an email from UPS regarding a package that can’t be delivered due to an incorrect recipients address you better watch out. The chance is very likely that this is a new variant of a Trojan trying to get your attention and to infect your computer.
The messages contains the text:
Unfortunately we were not able to deliver postal package you sent on July the 1st in time
because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office
The messages includes an attachment ups_invoice.zip which extracts the ups_invoice.exe file. This file contains a trojan known as W32/Agent.HFN by F-Prot. We couldn’t resist to submit this file to Virus Total and to see how many signature based anti virus engine will detect this malware. This time there where only 8 of the 34 anti virus engines detecting the trojan.
Here is what came into my box