Wednesday, January 20, 2010


Virus alert from CMIT Solutions Stamford

When you receive an email from UPS regarding a package that can’t be delivered due to an incorrect recipients address you better watch out. The chance is very likely that this is a new variant of a Trojan trying to get your attention and to infect your computer.


The messages contains the text:

Unfortunately we were not able to deliver postal package you sent on July the 1st in time
because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office

Your UPS

The messages includes an attachment which extracts the ups_invoice.exe file.  This file contains a trojan known as W32/Agent.HFN by F-Prot. We couldn’t resist to submit this file to Virus Total and to see how many signature based anti virus engine will detect this malware. This time there where only 8 of the 34 anti virus engines detecting the trojan.

Here is what came into my box


No comments: