New USPS Shipment Virus Email

Mark Berry April 19, 2012

Here’s a new variation on the airline ticket virus email that I reported on last November. An email supposedly from the United States Postal Service says that I have a parcel waiting in Kansas City, and tells me to open the attached file:

USPS Virus 1

Don’t open the attachment! It’s a virus.

Virus Confirmation

There are several grammatical errors in the email which should make one suspicious. Plus I doubt that the USPS would send an email with zip file attachments. In fact, the USPS has a prominent warning about these emails on their home page that links to this PDF document:

USPS Virus 2

As usual, the icon for the extracted file is disguised to look like a document (in this case PDF), but if you turn off “Hide extensions of known file types” in Windows Explorer > Tools > Folder Options > View, you’ll see that it is actually an executable (.exe) file:

USPS Virus 5

Fortunately, a day and a half after receiving the email, 27 of 42 anti-virus engines are detecting the attachment as a virus, according to VirusTotal:

USPS Virus 3

Microsoft Security Essentials, updated 4/19/2012, catches this one:

USPS Virus 4

Microsoft Security Essentials is free for home use and for small businesses with up to 10 PCs.


Leave a Reply





*