United States Postal Service Alert

[Miyuki]

We have seen some of these: http://antifraudintl.org/showthread.php?t=53220

This comes from the Postal Service: https://postalinspectors.uspis.gov/r.../SpamAlert.pdf

BEWARE OF SPAM!
BOGUS DELIVERY MESSAGES E-MAILED TO
POSTAL CUSTOMERS

Some postal customers are receiving bogus e-mails about a package delivery. The e-mails contain a link that, when opened, installs a malicious virus that can steal personal information from your PC.

The e-mails claim to be from the U.S. Postal Service and contain fraudulent information about an attempted or intercepted package delivery. You are instructed to click on a link to find out when you can expect your delivery. But Postal Inspectors warn: Do not click on the link!

Like most viruses sent by e-mail, clicking on the link will activate a virus that can steal information—such as your user name, password, and financial account information.

What to do? Simply delete the message without taking any further action. The Postal Inspection Service is working hard to resolve the issue and shut down the malicious program.

If you have questions about a suspicious postal email or wish to report spam, contact the Postal Inspection Service at [spam@uspis.gov].

[Garreg Ddu]

WARNING!!

ANOTHER ATTEMPT TO INFECT WITH MALWARE

THE ATTACHMENT TO THIS EMAIL HAS A VIRUS

PLEASE DO NOT DOWNLOAD AND UNZIP AND RUN THE PROGRAM

The exact nature of the malware is being investigated by AvertLabs. Further information will be posted when available.

Return-Path: <anonymous@100kormore.com>

Received: from 100kormore.com (100kormore.com [198.171.203.245])
by mail.bigstring.com (Postfix) with ESMTP id 7971C1DEC02FC; Tue, 10 Apr 2012 04:14:50 -0400 (EDT)

Origin IP Address = 198.171.203.245 = NTT America, Inc., 8300 E Maplewood Ave., Suite 400, Greenwood Village, CO 80111, USA

Date: 10 Apr 2012 08:14:34 -0000
To:
Subject: An error of the parcel�s delivery
From: "US Postal Service" <support.id393@usps.com>
Reply-To: "US Postal Service" <support.id393@usps.com>



Notification,

We couldn’t deliver your parcel at your address.
Status:The size of parcel is exceeded.

LOCATION OF YOUR ITEM:Minneapolis
DELIVERY STATUS: sorting
SERVICE: Express Mail
NUMBER OF YOUR PARCEL:U146393879NU
INSURANCE: Yes

Label is enclosed to the letter.
Print your label and show it at the post office.

An additional information
If the parcel isn’t received within 30 working days our company will have the right to claim compensation from you for it's keeping in the amount of $16.75 for each day of keeping.

You can find the information about the procedure and conditions of parcels keeping in the nearest office.

Thank you for using our services.
USPS Services.




Attachment: Label_Parcel_USPS_13-114.zip 40060 bytes

[Garreg Ddu]

MALWARE CONFIRMED

This as another example, from a different origin, but with the same malware.

The exact nature of the malware still has not been confrimed, but Norton Anti Virus email checker has picked it up.

PLEASE DO NOT OPEN THE ATTACHED ZIP FILE.

Return-Path: <anonymous@surfsup2.surfsglobal.com>
X-YahooFilteredBulk: 65.38.171.157
X-Originating-IP: [65.38.171.157]

Origin IP Address = 65.38.171.157 = Latisys-Denver, LLC., 393 Inverness Parkway, Englewood, CO 80112, USA

To: **********@yahoo.com
Subject: Postal label contains detailed information
From:
"US Postal Service" <personal.information@usps.com>
Reply-To: "US Postal Service" <personal.information@usps.com>
Attachment: Label_Parcel_USPS_13-114.zip 29Kb <<-- INFECTED!!

Delivery information,

Our company’s courier couldn’t make the delivery of parcel.
Reason deny\The size of parcel is exceeded.

LOCATION:Fremont
STATUS OF YOUR PARCEL: not delivered
SERVICE: One-day Shipping
:U182092096NU
INSURANCE: No

Postal label is enclosed to the letter.
Print a label and show it at your post office.

Information in brief:
If the parcel isn’t received within 30 working days our company will have the right to claim compensation from you for it's keeping in the amount of $3.51 for each day of keeping.

You can find the information about the procedure and conditions of parcels keeping in the nearest office.

Thank you for your attention.
USPS Global Services.

[Garreg Ddu]

The malware in the attachment Label_Parcel_USPS_13-114.zip has been identified by AvertLabs as Downloader.a!bpm.

Further information is available at http://home.mcafee.com/VirusInfo/Vir...px?key=1023971

PLEASE DO NOT OPEN THE ATTACHMENT

YOUR PC WILL BE INFECTED.

Details are:

McAfee Detection
Downloader.a!bpm
Length 27176 bytes
MD5 0ae0a3be0cb9ac6f2b6a9e246f938fa4
SHA1 604afc8da4b7c4b8a3e89059a88485591ee439d5

And for other AV systems:

avast Win32:Karagany-FH
avira TR/Dldr.Agent.28745
Kaspersky Trojan-Downloader.Win32.Plosa.gdv
Microsoft TrojanDownloader:Win32/Karagany.I
norman W32/Plosa.C
Sophos Mal/Cleaman-G

The Trojan attempts to make your PC link to a possible SPAM-BOT control server:

The applications attempted the following network connection(s):


95.163.67.***:80

hxxp://tous.piensachile.com/*****

Data replaced with *** to prevent accidental linking.

[Sapphire's Strike]

Received from: 203.150.224.157 - THAILAND. Bangkok, Krung Threp - Inet
Return-Path: [sakolchai@ubuntuGUI.porar.com]
Subject: Failure to deliver
From: "US Postal Service" [delivery_parcel@usps.com]
Date: Tue, 10 Apr 2012

Postal notification,

Courier service couldn’t make the delivery of your parcel.
Reason deny:Wrong delivery address.

LOCATION OF YOUR PARCEL:Fremont
DELIVERY STATUS: not delivered
SERVICE: Express Shipping
ITEM NUMBER:U713458557NU
FEATURES: No

Postal label is enclosed to the letter.
Print a label and show it at your post office.

An additional information
If the parcel isn’t received within 30 working days our company will have the right to claim compensation from you for it's keeping in the amount of $16.66 for each day of keeping over limited time.

You can find the information about the procedure and conditions of parcels keeping in the nearest office.

Thank you for attention.
USPS Global.


DO NOT OPEN ATTACHMENT


1 attachment | Download all as zip (28.6 KB)
Label_Parcel_USPS_13-114.zip (28.6 KB)

[Sapphire's Strike]

RECEIVED FROM: 128.121.78.220 - USA, Englewood, CO - NTT America, Inc. CO
Return-Path - [www@canserver.com]

Date: Mon, 9 Apr 2012
Subject: Your delivery status is changed
From: "USPS Customer Service" [shipping_nr233@usps.com]

Notification,

Our company’s courier couldn’t deliver your parcel.
Reason deny:Wrong data delivery.

LOCATION OF YOUR PARCEL:Oakland
STATUS: sort order
SERVICE: Express Shipping
NUMBER OF YOUR ITEM:U195395211NU
INSURANCE: No

Label is enclosed to the letter.
You should print the label and show it in the nearest post office to get a parcel.

Important information!
If the parcel isn’t received within 30 working days our company will have the right to claim compensation from you for it's keeping in the amount of $9.28 for each day of keeping of it.

You can find the information about the procedure and conditions of parcels keeping in the nearest office.

Thank you for attention.
USPS Customer.

do not open attachment - viral

[SoStupid]

Recieved this today...

Postal Service personal.information@usps.com via srv5.hosting.cl
Here is info on it
http://whois.domaintools.com/190.96.85.5

nic-hdl: JAM35
person: Jorge Alejandro Andrade Muñoz
e-mail:

country: CL
phone: +56 2 4139742 []
created: 20120410
changed: 20120410

Postal notification,

Our company’s courier couldn’t deliver your parcel.
Reason deny\Address delivery doesn’t exist in database.

LOCATION:Yonkers
STATUS OF YOUR ITEM: sorting
SERVICE: Local Pickup
Parcel number:U196716567NU
INSURANCE: Yes

Postal label is enclosed to the letter.
Print a label and show it at your post office.

Important information!
If the parcel isn’t received within 30 working days our company will have the right to claim compensation from you for it's keeping in the amount of $15.37 for each day of keeping over limited time.

You can find the information about the procedure and conditions of parcels keeping in the nearest office.

Thank you.
USPS Logistics.

[Sapphire's Strike]

Received from: 93.174.4.91 - SPAIN - Grupo Interdominios S.A.
Return-Path: anonymous@disli28.interdominios.com

Subject: USPS Tracking number No4274
From: "USPS Post Office" status_parcel@usps.com
Date: 1 May 2012

Notification,

Our company’s courier couldn’t make the delivery of parcel.
Status deny:Postal code contains an error.

LOCATION OF YOUR PARCEL:Honolulu
STATUS OF YOUR ITEM: sorting
SERVICE: Express Shipping
NUMBER OF YOUR ITEM:U229664699NU
INSURANCE: No

Postal label is enclosed to the letter.
Print your label and show it in the nearest post office of USPS

Attention!
If the parcel isn’t received within 30 working days our company will have the right to claim compensation from you for it's keeping in the amount of $21.43 for each day of keeping.

You can find the information about the procedure and conditions of parcels keeping in the nearest office.

Thank you for attention.
USPS Logistics.

ATTACHMENT: Label_Parcel_USPS_782-N145 - ZIP FILE - VIRAL DO NOT OPEN

[Sapphire's Strike]

see thread: http://antifraudintl.org/showthread....336#post198336

[Sapphire's Strike]

Received from: 24.139.54.152 - USA. Oklahoma, Lawton - Fidelity Communication International Inc
Return-Path: providing.us@usahelp-usps.com

From: "USPS Express Services" providing.us@usahelp-usps.com
To: xxxxxxx
Subject: Error in the delivery address ID#94413
Date: Thu, 30 Aug 2012

Screen shot 2012-08-31 at 4.00.42 PM.jpg

WARNING - DO NOT PRESS ANY PART OF THE EMAIL TEXT NOR ATTEMPT TO PRINT ANY LABELS.