USPS Scam

Viruses and worms
1

I received an email which pretends to be from USPS.COM but I don’t believe it is.

I cannot find anyone else who has heard of this particular email. The link in the email attempts to download a file that looks like a “…PDF” but is actually a “…PDF.exe” so that is a RED FLAG for me.

The best thing to do is delete it and forget it, but I was wondering is there a way to present the link to someone to safely check it out to see what it really is? Can Sandbox be used to do this?

Curious but not Stupid,
Alan

2

upload suspicious file(s) to www.virustotal.com and test with 43 malware scanners
when you have the result, copy the url in the address bar and post it here for us to see

alternative
Jotti http://virusscan.jotti.org/en
VirSCAN http://virscan.org/
Metascan http://www.metascan-online.com/

These UPS / DHL / FedX / DHL / IRS-tax…fake mails are not new, google it and you find lots of info
A Widespread Convincing and Dangerous UPS Scam
http://www.scambusters.org/upsscam.html
http://www.silverplanet.com/scams/internet-safety/upsfedex-delivery-failure-scam/57315

3

I don’t have a file to upload, I only have a URL that attempts to download a “pdf.exe” file which I did not download.

Is there any way to test it? I know it’s silly, I’m sure it’s a scam, I just wondered if there was a safe way to prove it?

Alan

4

Try that link at http://urlquery.net/ and see what they report,

polonus

P.S. Write-up on the scam: http://security.thejoshmeister.com/2010/10/upsusps-scam-e-mail-with-oficla-trojan.html link source: THE JOSHMEISTER ON SECURITY link author josh meister

D

5

Well, I messed up. When I typed in the URL I accidently replaced a “.” with a “/” and the checker went to the safe USPS.COM and reported it as safe.

When I try to put it in again, this time with the “.” instead of the “/” but the URL checking website just blinks and shows the blank for me to enter the URL again.

Oh well, I’ll try again later.

Alan

6

Pondus,
I have since solved this.
It was NOT a scam, however as you know there are plenty emails that are.
Thank you for your help.