Your order has been paid! Parcel NR.5748

Nik

15 years ago

<a href="http&colon;//wincert&period;net/wp-content/uploads/2015/01/security2&period;jpg"><img class="alignnone size-full wp-image-545" src="http&colon;//wincert&period;net/wp-content/uploads/2015/01/security2&period;jpg" alt="security box,usps,virus,malware" width="720" height="340" /></a>&NewLine;From what I can see, variations of BredoLab virus keeps on coming&period; I&&num;8217&semi;ve already wrote two articles about suspicious e-mails that I&&num;8217&semi;ve received&period; Those mails contained a virus that wasn&&num;8217&semi;t detected by my antivirus software (Microsoft Security Essentials)&period;&NewLine;Both mails came from spoofed ups&period;com domain&period; This time, we have a spoofed amazon&period;com domain, so be careful&period;&NewLine;<&excl;--more-->&NewLine;I&&num;8217&semi;ve received this suspicious mail this morning and I am sure that it contains a virus, probably another variant of Bredolab trojan&period; The problem is that this variant still isn&&num;8217&semi;t recognized by some of the most popular Anti Virus applications like Microsoft Security Essentials, Avast, NOD32, Panda, Kaspersky etc&period; According to virustotal&period;com, only 20&percnt; of tested antivirus applications managed to detect a thread which includes Sophos, Symanted, Trendmicro etc&period;&period;&NewLine;Here are the contents of this mail&colon;&NewLine;From&colon; Shop Support Dolly Davison [support&period;shop&commat;amazon&period;com]&NewLine;Subject&colon; Your order has been paid&excl; Parcel NR&period;5748 (Note&colon; it can contain different numbers as those are generated randomly)&NewLine;Attachment&colon; Print&lowbar;label&lowbar;6387&period;zip (contains Print&lowbar;label&lowbar;6387&period;exe)&NewLine;Body&colon;&NewLine;Hello&excl;&NewLine;Thank you for shopping at Amazon&period;com&NewLine;We have successfully received your payment&period;&NewLine;Your order has been shipped to your billing address&period;&NewLine;You have ordered &&num;8221&semi; Dell Inspiron Mini 1011 &&num;8220&semi;&NewLine;You can find your tracking number in attached to the e-mail document&period;&NewLine;Print the postal label to get your package&period;&NewLine;We hope you enjoy your order&excl;&NewLine;Amazon&period;com&NewLine;&&num;8212&semi;&&num;8212&semi;&&num;8212&semi;&&num;8212&semi;&&num;8212&semi;&&num;8212&semi;&&num;8212&semi;&&num;8212&semi;&&num;8211&semi;&NewLine;I have reported suspicious file to Microsoft and will update this article once I get results&period;&NewLine;UPDATE&colon; Microsoft confirmed that this is another variant of Trojan&colon;Win32/Oficla&period;M&period; Please update your virus definitions so you can be fully protected&period;&NewLine;More information <a href="https&colon;//www&period;microsoft&period;com/security/portal/Threat/Encyclopedia/Entry&period;aspx&quest;name=Trojan&colon;Win32/Oficla&period;M" target="&lowbar;blank">HERE</a>&period;&NewLine;