Fake United States Postal Service Emails Distribute Trojan Downloader
September 28th, 2010, 14:23 GMT · By Lucian Constantin
Security researchers from Vietnamese security vendor Bkis warn of a new wave of spam emails distributing the Oficla trojan, posing as package delivery failure notifications from the United States Postal Service (USPS). The rogue messages carry a subject of "USPS Delivery Problem NR#######" (where # is a random digit) and a spoofed From field that makes them appear to originate from a federal@usps.com address.

What sets these emails apart from other Oficla distribution campaigns is the use of an image instead of plain text to deliver the message, a technique meant to slip past simple anti-spam filters. The image shows the logo of the United States Postal Service and an unusually well-formulated message that reads: "Unfortunately we failed to deliver the postal package you have sent on the 19th of September in time because the recipient's address is erroneous. Please print out the shipment label attached [USPSLabel.doc] and collect the package at our office."

The attachment is actually called USPSLabelDoc.zip and contains a variant of the Oficla trojan downloader, which as of today has only a 32.6% detection rate on VirusTotal. According to Nguyen Van Sao, malware researcher at Bkis, the trojan drops a file called bfky.ojo in the system32 folder and adds it to the [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell] registry key so that it starts on each system reboot.

Oficla, also called Sasfis by some vendors, is a family of downloader-type trojans commonly used as a distribution platform for other malware, rogue antivirus programs in particular. Oficla distribution campaigns such as this one are among the primary factors responsible for the spike in the number of emails carrying malicious attachments during recent months.

As usual, people are advised to treat all email attachments with suspicion, including those appearing to originate from known organizations. While not bulletproof, scanning them on online services like VirusTotal before opening them can give a good indication of whether they are malicious.
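The persistence mechanism described above (a dropped file appended to the Winlogon Shell value so it runs at every logon) is easy to audit, because Windows reads that value as a comma-separated list of shell programs and a standard install holds exactly explorer.exe. The following is an added example, not code from the article or from Bkis: it splits the value into entries, reports anything other than explorer.exe, and, on Windows only, reads the live value through the standard winreg module. The sample value with bfky.ojo is constructed from the file name and folder the article gives.

```python
import ntpath
import sys

# Location named in the article: the Shell value under the Winlogon key. Windows
# starts every comma-separated entry as the user's shell, so a dropper appended
# here runs at each logon. A clean machine holds exactly "explorer.exe".
WINLOGON_SUBKEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
SHELL_VALUE_NAME = "Shell"
EXPECTED_SHELL = "explorer.exe"


def assess_shell_value(value: str) -> dict:
    """Split a Shell value into entries and report anything besides explorer.exe.

    Returns a dict with:
      explorer_present - True if the legitimate shell is still listed
      unexpected       - entries that are not explorer.exe (e.g. an appended dropper)
      clean            - True only when the value is the default and nothing else
    """
    entries = [e.strip() for e in value.split(",") if e.strip()]
    unexpected = []
    explorer_present = False
    for entry in entries:
        # Strip quotes and arguments, then compare on the file name so that both
        # "explorer.exe" and a full path to it count as the legitimate shell.
        program = entry.split('"')[1] if entry.startswith('"') else entry.split(" ")[0]
        if ntpath.basename(program).lower() == EXPECTED_SHELL:
            explorer_present = True
        else:
            unexpected.append(entry)
    return {
        "explorer_present": explorer_present,
        "unexpected": unexpected,
        "clean": explorer_present and not unexpected,
    }


def read_live_shell_value() -> str:
    """Read the machine-wide Shell value. Only possible on Windows (uses winreg)."""
    if sys.platform != "win32":
        raise RuntimeError("the Winlogon registry key only exists on Windows")
    import winreg  # standard library on Windows builds of Python
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_SUBKEY) as key:
        value, _kind = winreg.QueryValueEx(key, SHELL_VALUE_NAME)
    return str(value)


if __name__ == "__main__":
    try:
        current = read_live_shell_value()
    except RuntimeError as exc:
        print(exc)
        # Constructed sample built from the article's file name and folder.
        current = r"explorer.exe,C:\Windows\system32\bfky.ojo"
        print("using a constructed sample value instead:", current)
    print(assess_shell_value(current))
```

Run it on a host you suspect and treat any non-empty `unexpected` list, or a missing explorer.exe, as a finding to investigate rather than as proof of this particular trojan; the same value is abused by many malware families.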
READER COMMENTS:
Comment #1 by xman, 29 Sep 2010, 04:49 UTC:
I had mailed several CD disks to associates several days ago.
Then I had an e-mail from federal@usps.com arrive. I opened and read it, assuming it was related to my recent mailing.
I started the download to print out the label and I instantly remembered I did not put my address or any info on the delivery confirmation slips! Also the exact dates did not match up!
After a brief moment, I closed the download window... COULD THE VIRUS HAVE MADE ITS WAY IN?
The attachment is actually called USPSLabelDoc.zip and contains a variant of the Oficla trojan downloader, which as of today has only a 32.6% detection rate on VirusTotal.
Can someone shed light on this?

Comment #1.1 by Lucian Constantin, 29 Sep 2010, 07:37 GMT:
Even if you had downloaded the USPSLabelDoc.zip file, this is an archive, so it cannot infect your computer in this form.
However, if you open it and run the .exe file inside it, then you're in trouble. But from your description of the incident, you didn't do that, so you should be fine.
Anyway, it would be sensible to delete the USPSLabelDoc.zip file from your hard disk if the download finished, just to avoid forgetting about it and opening it at a later time.

Comment #1.2 by BuzzConsulting, 15 Jan 2012, 15:34 GMT:
This just happened to me today. I knew it wasn't legit because my spam filter caught it. I too just recently sent a package through USPS, but one hour prior to receiving the fake USPS email about the package not being delivered, I received a refund notice from the vendor. Then I tracked my package and it showed as delivered to sender.
My concern is, how did they know I sent a package and the date I sent it? I never put an email address on the package, but my name is registered at USPS because I order labels and boxes.
Someone at USPS selling our info??
Comment #2 by pgka, 29 Sep 2010, 18:47 UTC:
Got this email yesterday and it crashed the computer at work. Thought it was safe because there was an image. Now I know better.....

Comment #3 by Shondi, 30 Sep 2010, 00:13 UTC:
THANK YOU!!! I AM GLAD I RESEARCHED BEFORE OPENING!!

Comment #3.1 by tom, 19 Oct 2010, 09:41 GMT:
Yes agreed haha, I love the internet.

Comment #4 by Ann, 01 Oct 2010, 00:26 UTC:
I received the same email with the USPS logo and thought it was legit. I downloaded the USPSLabel.zip but could not open it. And I actually went down to the post office to collect the mail since I did post mail on Sept. 19th, but the post office of course did not have any such mail. Guess my computer is smarter than I am by failing to run the attached doc. Live and learn.

Comment #5 by ducky, 05 Oct 2010, 09:03 UTC:
Fortunately Windows Defender picked this trojan up immediately. Coincidence would have it that I had posted a parcel on that day... and leapt before I looked!!
Although I spotted the error in the grammar, i.e. 'the parcel that you have sent', I put it down to usual bad American grammar.

Comment #6 by Belle, 14 Oct 2010, 16:40 UTC:
I just got a message myself from Federal@USPS.com with no logo. The problem is that I am indeed searching for a package that was lost and the email said "The parcel has your home address and will be delivered within 3 business days. Thank you, Customer Service"... I sent an email to customer service today but deleted the email I got when I realised I had to open a zip file. That made no sense to me. Now I wonder how these spammers know you have mailed a package or contacted the postal service?

Comment #6.1 by Rawry, 16 Oct 2010, 00:02 GMT:
I got the same one as you, but did you find the hidden text at the bottom? It's more than a little eerie.

Comment #6.2 by bob, 18 Oct 2010, 00:10 GMT:
I got the same email. I never do any type of mail stuff, but I broke my foot and was having a protective boot sent to me by mail. I got the email the same day I placed the order for the boot, for my broken foot. This was all done offline and I never gave my info out over the net, at all.

Comment #7 by 1flyer, 15 Oct 2010, 20:03 UTC:
Got one today that was detected as a mail notification and the sender was United States Postal [federal@usps.com] and it has an attachment that Norton says is a Trojan SASFIS and quarantined it.

Comment #8 by USPS_MAIL_VICTIM, 15 Oct 2010, 23:49 UTC:
Thanks all of you, I got the message but my file was named: UPS_DocumentNR5598.zip. Unfortunately, I was waiting for a mail delivery and the message indicated that the mail is delivered to your home and it will reach you within 3 business days; for more information about the tracking number download the attachment.
I downloaded the attachment but the NOD32 antivirus deleted it! I tried again several times and NOD32 deleted it every time. I thought the file was right so I disabled NOD32 and downloaded the file and I ran the .exe file...
I think I'm in big trouble now though my PC is still running normally. I searched for the bfky.ojo but I didn't find it, I didn't find the registry entry of the virus either! Can anyone help me whether my PC is infected or not by this virus??
Comment #9 by Debra, 16 Oct 2010, 06:26 UTC:
I just received the email (into my hotmail account) this evening but was suspicious of it right away for a number of reasons.....
1. I live in Canada and no one I know in the U.S. has my hotmail address.
2. The email was addressed to my hotmail account but also included two BCC'd email addresses that were similar to my own but with an @aol.com address and a single digit changed in the ID name.
3. Very poor grammar in the text of the body. That is always a 'dead giveaway' in recognizing spam messages.
So, needless to say, I did the smartest thing I could by researching the phony USPS email address first. Just as I suspected.... SPAM... and a nasty one at that!

Comment #10 by ansh, 18 Oct 2010, 18:00 UTC:
Got the same email, downloaded it but as I opened it my antivirus immediately deleted it, thanks to Avast.

Comment #11 by HOUrGLASS, 18 Oct 2010, 20:54 UTC:
I received the email, but I have received emails from the real USPS and I knew that this one I received was wrong, but I was curious. I highlighted the whole email and it is transparent at the bottom, but when highlighting it you get this:
Good afternoon!
The parcel was sent to your home address. And it will arrive within 3 business days.
More information and the tracking number are attached in document below.
Thank you for your attention.
UPS Global Services.
Junk, the sailor contemptuously called it, likening it, in point of texture, digestibility and nutritive properties, to the product of picked oakum, which it in many respects strongly resembled. The pork, though it lost less in the cooking, was rancid, putrid stuff, repellent in odour and colour-particulars in which it found close competitors in the butter and cheese, which had often to be thrown overboard because they stunk the ship. [Footnote: To disinfect a ship after she had been fouled by putrid rations or disease, burning sulphur and vinegar were commonly employed. Their use was preferable to the means adopted by the carpenter of the _Feversham_, who in order to sweeten ship once turnd on the * in the hould and through forgetfulness left it running for eighteen howers, thereby not only endangering the vessels safety, but incidentally spoiling twenty-one barrels of powder in the magazine. --_Admiralty Records_ 1. 2653--Capt. Watson, 18 April 1741. ] The peas would not break.
Sorry that was so long but that's what shows up, but only highlighted as if you were going to copy and paste it. But I did not download the attachment.

Comment #12 by runner305, 19 Oct 2010, 08:57 UTC:
This shows just how SICK some people in this world have become: to send a fake email to probably millions of people all around the world. And for what? Not even to scam money, but just for the "joy" of messing up their computers? How crazy is that?! Oh, and yes I got this email as well, but I thankfully did NOT extract the pc-deadly file... not because I'm smarter than some, but instead because years ago I was a stupid scam victim in another way. I've paid my dues!

Comment #12.1 by Lucian Constantin, 19 Oct 2010, 09:46 GMT:
You're wrong when saying that this is not done to "scam money," but just to damage computers.
The emails infect computers with Oficla, a trojan commonly used to distribute fake antivirus programs (scareware).
So, a computer infected with Oficla will soon start throwing out warnings about fictitious infections and advising users to buy a useless "security" program.
That's a scam that earns these attackers money. And in addition, they now have a method (Oficla) to infect their victims with even more malware, maybe the infamous ZeuS banking trojan.

Comment #13 by Roy, 21 Oct 2010, 15:48 UTC:
Thank you!!! Got two mails today... and I researched first of all :)

Comment #14 by undersleeves, 25 Oct 2010, 16:20 UTC:
If you did not know, if you highlight this whole message all the way to the bottom you will notice that there is a hidden story at the bottom of that email which was made in white to blend with the white screen so it wouldn't be possible to read it.

Comment #14.1 by Lucian Constantin, 26 Oct 2010, 07:34 GMT:
That is a known technique used by some spammers. In an attempt to evade some rudimentary spam filters, they insert chunks of text copied from news stories, books and other documents. It is supposed to mimic messages created by real humans.
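The indicators the article lists (the fixed subject pattern, a From address claiming usps.com, an image standing in for the message text, and a zip attachment wrapping an executable) together with the white-on-white filler text readers describe above can all be checked mechanically on the mail-gateway or triage side. The following is an added example, not code from the article or from Bkis: it builds a constructed message in the shape of the campaign (placeholder bytes stand in for the image and for the archived file; nothing malicious is embedded) and runs a triage pass over it using only Python's standard `email` and `zipfile` modules. The threshold of two indicators for a "suspicious" verdict, and the reliance on an `Authentication-Results` header for sender authentication, are choices made for this example.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Indicators from the article: the subject pattern, the impersonated sender domain
# and a zip attachment that wraps an executable.
SUBJECT_RE = re.compile(r"^USPS Delivery Problem NR\d{7}$")
IMPERSONATED_DOMAINS = {"usps.com"}
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")
# White-on-white filler text, the trick readers found by highlighting the body.
HIDDEN_STYLE_RE = re.compile(r"color\s*:\s*(?:#fff(?:fff)?|white)\b", re.I)


def build_sample() -> bytes:
    """Construct a message shaped like the campaign. This is a constructed sample,
    not a captured email; the zip holds placeholder bytes, not a real binary."""
    zip_buf = io.BytesIO()
    with zipfile.ZipFile(zip_buf, "w") as zf:
        zf.writestr("USPSLabelDoc.exe", b"placeholder bytes, not a real binary")
    msg = EmailMessage()
    msg["From"] = "United States Postal Service <federal@usps.com>"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "USPS Delivery Problem NR4821907"
    msg.set_content(" ")  # no readable text: the lure is carried by the image
    msg.add_alternative(
        '<html><body><img src="cid:lure@example.invalid">'
        '<p style="color:#ffffff">Junk, the sailor contemptuously called it, '
        "likening it, in point of texture, digestibility and nutritive properties...</p>"
        "</body></html>",
        subtype="html",
    )
    msg.add_attachment(b"\x89PNG placeholder", maintype="image", subtype="png",
                       filename="usps_notice.png")
    msg.add_attachment(zip_buf.getvalue(), maintype="application", subtype="zip",
                       filename="USPSLabelDoc.zip")
    return msg.as_bytes()


def triage(raw: bytes) -> dict:
    """Parse one raw message and return the indicators found plus a verdict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    subject = str(msg["Subject"] or "")
    if SUBJECT_RE.match(subject):
        findings.append("subject matches campaign pattern")

    from_hdr = msg["From"]
    domain = from_hdr.addresses[0].domain.lower() if from_hdr and from_hdr.addresses else ""
    auth = str(msg["Authentication-Results"] or "")
    if domain in IMPERSONATED_DOMAINS and "spf=pass" not in auth and "dkim=pass" not in auth:
        findings.append(f"sender claims {domain} but message carries no passing SPF/DKIM result")

    # Image-only lure: an image part is present and the plain-text body is empty.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().strip() if body else ""
    has_image = any(p.get_content_maintype() == "image" for p in msg.walk())
    if has_image and len(text) < 20:
        findings.append("image-only lure: body has no usable plain text")

    for part in msg.walk():
        if part.get_content_type() == "text/html" and HIDDEN_STYLE_RE.search(part.get_content()):
            findings.append("hidden white-on-white text in HTML body")

    # Look inside zip attachments without extracting anything to disk.
    for part in msg.walk():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                for member in zf.namelist():
                    if member.lower().endswith(EXECUTABLE_EXTS):
                        findings.append(f"archive {name} contains executable {member}")
        except zipfile.BadZipFile:
            findings.append(f"attachment {name} is not a valid zip archive")

    verdict = "suspicious" if len(findings) >= 2 else "clean"
    return {"verdict": verdict, "findings": findings}


if __name__ == "__main__":
    for line in triage(build_sample())["findings"]:
        print("-", line)
```

Listing the archive members with `zipfile` costs nothing and never executes the contents, which is the point the author makes in comment #1.1: the zip itself is inert, the executable inside it is the problem. A real gateway would combine a score like this with reputation and sandboxing rather than block on two indicators alone.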
Comment #16 by Chris Warren, 08 Nov 2010, 04:41 UTC:
Received same a few minutes ago. What warned and alerted me was it was from a .com address instead of a .gov address. So, I researched it first and did not open it. My daughter told me that one of her girlfriends' buddies sends out infected emails just to cause trouble for everyone. So, we are planning to send some of "the boys" over to correct his thinking and way of life. Support Department of Justice maximum prosecution of all spammers and hackers up to and including the legal death penalty.

Comment #18 by sstorms, 20 Oct 2011, 16:17 UTC:
Got one of these today (postal-service@usps.com). I would have opened it because I had recently mailed a package and figured it was related to that. Fortunately my anti-virus service blocked it when I went to open it!

Comment #19 by Sacto4Christ, 09 Nov 2011, 08:21 UTC:
Thank you. I just got this email and it had me going for a moment. I downloaded it but did not open the file. It was sent to a website admin email that FWDs to mine so that is what made it weirder. Yahoo mail put it in the spam folder but it does that with other things that I want, auto generated and not, so that in and of itself is not enough to tell me anything.
I just had to restore my system a few days ago after contracting some nasty fake virus thing when I did not even do anything this risky. Grr am I steamed!!!

Comment #20 by Smart Enough, 09 Nov 2011, 14:50 UTC:
This is why I run Ubuntu Linux.

Comment #21 by Aussie Mungo, 09 Nov 2011, 17:59 UTC:
I just received one of these emails exactly as described. It looked suspicious so decided to do a web search and found your website. Thanks for confirming my suspicions. Aussie Mungo

Comment #22 by taxus, 10 Nov 2011, 07:11 UTC:
Received the same mail today, thought it suspicious because I didn't have any attachment with UPS lately, thank you for all the information.

Comment #22.1 by Jupitergrl, 16 Nov 2011, 04:03 GMT:
Got one today, too! Just went to the post office today, but I'm sure it was coincidence. Weird.

Comment #23 by Jeff, 16 Nov 2011, 06:15 UTC:
Ughh. Yes, I've been waiting for a few packages to arrive for weeks. About a week ago I got 3 different e-mails, all from USPS, or more specifically infovu@usps.com >___> The first two I received weren't even the right e-mail address. It doesn't seem like much of a coincidence that I am waiting for a package and I get an e-mail saying it's been lost... I never order anything in the mail, the one time I'm expecting and then I find this out?? Glad my computer wouldn't let me download the attachment!

Comment #24 by NB_Woman, 18 Nov 2011, 17:18 UTC:
Just got this today, and the weird thing is, the date mentioned in the email I actually did mail something, so I wondered...
...but then I thought, how would the USPS get my email? I certainly didn't give it to them. And I know the address it was sent to was correct.
In the body of the email (very simple, plain text):
"Hello!
"Unfortunately we failed to deliver the postal package you have sent on the
12th of November in time because the recipient's address is erroneous.
"Please print out the shipment label attached and collect the package at our
office.
United States Postal Service"
No hidden messages, although when I clicked to have it show the headers and stuff, it showed a To address that wasn't mine (but was another Yahoo address).
Thank goodness my suspicious nature kicked in.
And thanks for leaving this online so we can research this sort of crap.

Comment #25 by Tina, 19 Nov 2011, 16:47 UTC:
Wow, I'm happy to know this before I opened it... how can I stop them from coming into my email account?

Comment #26 by Sunshine091682, 21 Nov 2011, 00:33 UTC:
I received one of these today as well. It was in my spam folder. I always check it before emptying it just in case something got misdirected as it always does. I always look at the from address and noticed it was from info@usps.gov. I personally have received correspondence from them before and it was from usps.com instead of gov. Mine states this:
Hello!
Unfortunately we failed to deliver the postal package you have sent on the
12th of November in time because the recipient's address is erroneous.
Please print out the shipment label attached and collect the package at our
office.
United States Postal Service
and has the USPS report.zip attached to it. I am now looking for a location to forward this to so that it can be noted and reported.

Comment #27 by withheld, 21 Nov 2011, 05:18 UTC:
Thank you so much. That is exactly what I got. I knew it was fake when I saw it was sent in a huge distribution list to other people. Interestingly the address they "captured" was my Craigslist address. Hmmmmm!

Comment #28 by dummy, 30 Nov 2011, 14:05 UTC:
I clicked on one, and immediately got a pop up from my Norton anti virus saying 'clean computer asap', which I did, but now worried that I might have done damage, whatta ya think... am I screwed?
Comment #28.1 by Bluebird, 01 Dec 2011, 13:22 GMT:
I received this today in England, 1 Dec 2011. I haven't opened the attachment but wonder if my iMac would have 'caught' it before it did any damage. The email purports to come from support@usps.com and says:
Good afternoon,
Your parcel has arrived at the post office on November 23.
Our Driver was unable to deliver the parcel to your address.
To receive a parcel you should go to the nearest USPS office and show your post label.
The post label is attached to this letter.
Thank you for your attention.
USPS Customer.
followed by the Post Label zip file which of course, I am not attaching here!

Comment #29 by AM, 05 Dec 2011, 21:18 UTC:
Got one from service@usps.com about a package they could not deliver. I opened it and it contained .exe files. I have a Mac and at that point I realised it was a scam. I will run a virus scan so I don't pass it on, but did reply and tell the sender in no uncertain terms where his mother was born.
AM

Comment #30 by frNzR4evr, 11 Dec 2011, 07:23 UTC:
Mine was from "support @ usps.com"... It was fishy, but this one suggested there was a package for me, blah blah, print the attached shipping label. I hit "reply" and wrote the following:
I am not aware of any such package,
and I don't want to open your attachments.
Why no telephone number or site of online service/support?
And a tracking # is WAY longer than 3 digits...
If you are legitimate, you have my telephone #
so telephone me ASAP with more information
or I shall ignore this eMail altogether
(not to mention that you would know my NAME!)
As I suspected, the message bounced right back with the postmaster's notice of delivery failure.
I had already talked to my Sister about it, and I couldn't resist the following gloat:
Ah-Hah!!!
Just as I suspected!
Idiots.
I am so smart!
S-M-R-T!
Comment #31 by Pups, 06 Jan 2012, 22:57 UTC:
This is the e-mail I received:
Hello,
Your parcel has arrived at the post office on December 30.
We were not able to deliver your package to your address.
To receive a parcel you should go to the nearest USPS office and show your post label.
The post label is attached to this letter.
Thank you for your attention.
USPS Customer Services.
Attachment was: Post_Label_IN9375IS.zip

Comment #33 by Megabeast, 15 Jan 2012, 23:02 UTC:
I think my mother got this email. She opened the message and downloaded the file, but never opened it. But everything on her desktop and startup menu was wiped and the popups for the phony security have started. How do I get rid of it? I really don't want to wipe the computer and start all over again. We have things on there that we haven't backed up yet. She hasn't purchased anything either. I just need to know my options. Any help is greatly appreciated, even if it's not what I want to hear.
And does anyone know anything about Comodo? My mother was really confused when it appeared on her computer and Kaspersky disappeared. Any answers are welcome. We aren't the brightest pixels in the computer screen if you know what I mean. Thanks!

Comment #33.1 by Michael, 20 Jan 2012, 17:37 GMT:
Malwarebytes will detect and get rid of this. Did on my machine. Need to do a full scan. Other scans I have did not detect it.

Comment #34 by Ursa minor, 03 Feb 2012, 06:48 UTC:
Thank you for this story. In my case, the incoming mail purported to come from "your-support@usps.com".

Comment #35 by Joanna, 10 Apr 2012, 04:01 UTC:
This was helpful as I received an e-mail today supposedly from the p.o. I was suspicious as it said it would charge me $20 per day for storage if I didn't print the label and pick up the item. It just didn't add up so I did some research and found this article. Thanks

Comment #36 by Phymeron, 17 Apr 2012, 16:59 UTC:
Here is the email I just got from postal@usps.com, whose attachment I did not open:
Delivery information,
Our company's courier couldn't make the delivery of parcel.
Status/Wrong data delivery.
LOCATION OF YOUR PARCEL: San Diego
STATUS: sort order
SERVICE: Local Pickup
ITEM NUMBER: U160684333NU
INSURANCE: No
Label is enclosed to the letter.
Print your label and show it in the nearest post office of USPS
An additional information
If the parcel isn't received within 30 working days our company will have the right to claim compensation from you for it's keeping in the amount of $9.63 for each day of keeping.
You can find the information about the procedure and conditions of parcels keeping in the nearest office.
Thank you for using our services.
USPS Global Services.
Comment #37 by Lane, 20 Apr 2012, 22:59 UTC:
I received this email twice and in both cases, I was actually expecting a package.

Comment #38 by nick, 22 Apr 2012, 15:51 UTC:
Same here, got 1 today and lucky I googled it before doing anything.

Comment #39 by Munt, 23 Apr 2012, 22:21 UTC:
I received a 'postal notification' by e-mail (support_id448@usps.com) about a non-ordered parcel: "If the parcel is not received within 30 working days our company will have the right to claim compensation from you for it's keeping in the amount of $ 13.67 for each day of keeping over limited time. USPS Global Services." Please comment.
jan.muntendam

Comment #40 by ComputerSTDs-SUCK, 28 Apr 2012, 02:41 UTC:
I ended up getting a very similar email, but ESET 5 picked it up and reports it as containing Win32/TrojanDownloader.Zurgop.AQ, a trojan. Googled that and it basically does the same thing.

Comment #41 by GE, 01 May 2012, 16:55 UTC:
I should have known it was a virus. Strange McAfee did not detect it. Made no sense whatsoever. After 30 days, no pick up, it would cost me $15.35 each day of keeping over limited time.
I was told to print the parcel label and show it at THE Post office, of which no location was listed. This is disgusting. I called my Post Office; they felt the same.

Comment #42 by jem, 12 May 2012, 12:09 UTC:
Thank you so much!! I received one today (in Sweden) and thanks to you all I didn't open it :)

Comment #43 by Glo, 21 May 2012, 16:21 UTC:
I received the following notification today, Monday, May 21, 2012:
Postal notification,
We couldn't deliver your parcel at your address.
Reason: The size of parcel is exceeded.
LOCATION OF YOUR ITEM: Wichita
STATUS OF YOUR PARCEL: sort order
SERVICE: Express Mail
NUMBER OF YOUR PARCEL: U591775512NU
FEATURES: Yes
Postal label is enclosed to the letter.
Print your label and show it at the post office.
Important information!
If the parcel isn't received within 30 working days our company will have the right to claim compensation from you for it's keeping in the amount of $14.81 for each day of keeping over limited time.
You can find the information about the procedure and conditions of parcels keeping in the nearest office.
Thank you.
USPS Global Mail.

Comment #44 by a-duh, 22 May 2012, 16:56 UTC:
I have been waiting for a package and so naturally fell for it, opened the label and even RAN it, thought better instantly and deleted it, but it was too late. My Norton antivirus kept catching malicious attacks and threats, but nevertheless, my computer crashed today. I work at home and lost ev-ery-thing! So B E W A R E !!! I called USPS and they said they never email people. First clue.

Comment #45 by Dash8, 26 May 2012, 00:58 UTC:
Thanks. Just got this email containing the exact details to what you described. I was expecting a delivery from UK in the last week but it hadn't arrived so I figured I'd check the shipping details if it was the parcel I was expecting. I just wanted to be sure of the company who was emailing me so I googled it and found this posting.... thanks.... I did download the label but my mac wouldn't let me open the file..... getting rid of the email now....
Copyright © 2001-2012 Softpedia.