Save content
Have you found this content useful? Use the button above to save it to your profile.
AIA

Virus Alert: 'Your parcel is at the customs office'

by
25th Jul 2008
Save content
Have you found this content useful? Use the button above to save it to your profile.

WarningA new virus is circulating on the net that has evaded many anti-virus programs and email filters. On Thursday afternoon, AccountingWEB's TaxZone received an email purporting to be from "Customs Service", carrying a 21kb zip file called "Tax_Invoice.zip".

It had all the hallmarks of a classic email virus scam. The return address "[email protected]" was one clue, as was the message that read: "We have received a parcel for you, sent from France on July 9. Please fill out the customs declaration attached to this message and send it to us by mail or fax. The address and the fax number are at the bottom of the declaration form."

The Customs tax invoice message looks to be closely related to an attack that started circulating last week in the guise of a message from UPS Packet Service.

Fleur Parker, customer services director, for TSG warned the reseller's customers and contacts that several businesses had already been infected by the bogus UPS delivery form.

"If you receive this email please delete it straight away and DO NOT open the attachment," she advised.

The McAfee Secure website identified the UPS virus as a variant of Generic Downloader.ab and reported that it was also circulating in a message claiming to include nude pictures of Angelina Jolie. Symantec Security Response catalogued it as Downloader.Diliv and Panda Security calls the Trojan virus Agent.JEN and notes that it has been in circulation since 2005.

What is worrying, however, is that such an obvious and publicly documented virus has made it through so many defences - and that users are still clicking to open suspicious email attachments. Remember that IT security is as much a state of mind as a function of anti-virus programs and observe the following instructions.

Safe computing precautions

Ensure you anti-virus signatures are up to date and to follow the "safe computing" guidance issued by software security companies - most importantly to install anti-virus software and never open attachments directly from Outlook. Treat every attachment with suspicion, download to your hard drive first (where it can be scanned with your AV software) and delete any mails with attachments that you are not expecting. Many viruses "spoof" the from address to be senders who may be familiar to you. Further advice and information is available from AccountingWEB's collection of IT security Expert Guides:

  • PCS Technology Briefing: How to beat viruses & spam
  • Information Security Expert Guides by Stewart Twynham, Bawden Quinn, which includes:
  • Information Security step five: Tackling viruses and spam
  • Virus clinic: practical advice from AccountingWEB members
  • Tags:

    Replies (2)

    Please login or register to join the discussion.

    avatar
    By mikewhit
    29th Jul 2008 14:12

    Ones that get through
    I forward any that get through Spam filtering to my Spamcop.net address (you register yourself with the site) to help ensure that the servers and email addresses get taken down.

    No need to use any of the other 'paid-for' facilities, and you feel that you are getting back at the spammers/phishers where it hurts, while retaining your own privacy.

    (I also report ones that do get caught in the Spam filters if they are 1) Phishing/bogus bank account details requests or 2) Selling bogus degrees ... purely from the goodness of my heart ;-)

    Thanks (0)
    avatar
    By User deleted
    25th Jul 2008 16:27

    Virus Alert
    A similar one received this afternoon from "Kerry Humphrey" AirTran Airways

    Subject
    Your ticket from {airlines}
    Good day,
    Thank you for using our new service "Buy airplane ticket Online" on our website.
    Your account has been created:

    Your login: (deleted by Bart Deco)
    Your password: (also deleted)

    Your credit card has been charged for $485.61.
    We would like to remind you that whenever you order tickets on our website you get a discount of 10%!
    Attached to this message is the purchase Invoice and the flight ticket.
    To use your ticket, simply print it on a color printed, and you are set to take off for the journey!

    Kind regards,
    Kerry Humphrey
    AirTran Airways

    Had a Zip file attached which I didn't open.

    Bart

    Thanks (0)