USPS Delivery Failure Notification "USPS report.zip"


evaluator
November 19th, 2011, 17:42
Just received "USPS report.zip" in the mail. Norton on Yahoo allowed the download, but it should be malware..
Password: malware


Code:
From United States Postal Service Sat Nov 19 12:35:55 2011
X-Apparently-To: you@yahoo.com via 209.191.125.64; Sat, 19 Nov 2011 05:17:11 -0800
Return-Path: <info@usps.com>
X-YahooFilteredBulk: 1.54.20.157
Received-SPF: softfail (transitioning domain of usps.com does not designate 1.54.20.157 as permitted sender)
X-Originating-IP: [1.54.20.157]
Authentication-Results: mta1003.mail.bf1.yahoo.com from=usps.com; domainkeys=neutral (no sig); from=usps.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (HELO usps.com) (1.54.20.157) by mta1003.mail.bf1.yahoo.com with SMTP; Sat, 19 Nov 2011 05:17:08 -0800
Received: from unknown (89.99.156.185) by relay-x.misswldrs.com with ASMTP; Sat, 19 Nov 2011 09:02:13 -0400
Message-ID: <746d01cca696$41638c50$b19f5532@info>
From: "United States Postal Service" <info@usps.com>
To: <max4sale@yahoo.com>,
Subject: USPS Delivery Failure Notification
Date: Sat, 19 Nov 2011 08:35:55 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_C16_2998_5B51E99C.D5B543B7"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Content-Length: 37442

Hello!

Unfortunately we failed to deliver the postal package you have sent on the
12th of November in time because the recipient's address is erroneous.

Please print out the shipment label attached and collect the package at our
office.

United States Postal Service

Woodmann
November 19th, 2011, 22:16
Hmmmmmmmmmmmm............

misswldrs.com is unknown.

A phishing party from who knows where via
Austria via Vietnam.

Mississippi welders . com.

BWahahahahahahahahaaaaaa.

Because everyone knows that the USPS relays
their mail around the world.

Woodmann
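
Added example, not part of any post in this thread: a Python script that runs over the quoted headers the same checks done by eye above, reading the SPF and DKIM verdicts and separating the hop stamped by the receiving server from the hop supplied by the sender. The function name `triage` and the wording of the flags are assumptions; the header text is copied from the first post.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the message quoted in this thread (recipient line left out).
RAW = """\
Return-Path: <info@usps.com>
Received-SPF: softfail (transitioning domain of usps.com does not designate 1.54.20.157 as permitted sender)
Authentication-Results: mta1003.mail.bf1.yahoo.com from=usps.com; domainkeys=neutral (no sig); from=usps.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (HELO usps.com) (1.54.20.157) by mta1003.mail.bf1.yahoo.com with SMTP; Sat, 19 Nov 2011 05:17:08 -0800
Received: from unknown (89.99.156.185) by relay-x.misswldrs.com with ASMTP; Sat, 19 Nov 2011 09:02:13 -0400
From: "United States Postal Service" <info@usps.com>
Subject: USPS Delivery Failure Notification

"""

# "from <name> [(HELO <helo>)] (<ip>) by <host>", the layout of both hops above.
HOP = re.compile(r"from\s+(\S+)(?:\s+\(HELO\s+(\S+)\))?\s+"
                 r"\((\d{1,3}(?:\.\d{1,3}){3})\)\s+by\s+(\S+)")

def triage(raw):
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    spf = (msg.get("Received-SPF") or "none").split()[0].lower()
    auth = dict(re.findall(r"\b(dkim|domainkeys)=(\w+)",
                           msg.get("Authentication-Results", "")))
    hops = [m.groups() for h in msg.get_all("Received", [])
            if (m := HOP.search(h))]
    flags = []
    if spf != "pass":
        flags.append(f"SPF {spf} for {domain}")
    if "pass" not in auth.values():
        flags.append("no passing DKIM/DomainKeys signature")
    for i, (name, helo, ip, by) in enumerate(hops):
        if i == 0:
            # Top hop was written by the receiving MTA: its IP is reliable,
            # the HELO name is whatever the client chose to send.
            if helo and helo.lower() == domain and spf != "pass":
                flags.append(f"HELO {helo} sent by unauthorized {ip}")
        elif not ("." + by.lower()).endswith("." + domain):
            # Lower hops are sender-supplied text and cannot be verified.
            flags.append(f"unverified hop via {by} outside {domain}")
    return {"spf": spf, "auth": auth, "hops": hops, "flags": flags}

if __name__ == "__main__":
    for flag in triage(RAW)["flags"]:
        print(flag)
```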

Kayaker
November 20th, 2011, 00:43
Google for the Company/Product name in the Version info and it rebounds as Worm.Win32.Gamarue.AMN. Comodo Antivirus doesn't recognize it either.

Looks like obfuscation hell...

evaluator
November 20th, 2011, 06:06
ya, yesterday was on Ubuntu.. today looked on XP..
In the attachments are my unpack-works.

Password: malware