Another variant of Fakerean is arriving in email boxes.

 

This one claims to be from United Parcel Service, and has a subject line of:

Fedex Tracking N5421062126

 

The body text is:

 

Unfortunately we were not able to deliver postal package you sent on October the
18st in time because the recipient's address is not correct.
Please print out the invoice copy attached and collect the package at our office

Your UPS

 

This one has some dead giveaways that there is something fishy about it.

  • very poor grammar.  (October the 18st?)
  • UPS doesn't have a habit of giving out Fedex tracking numbers.

 

With previous virus alerts, big name antivirus software has been slow at picking up the virus, so this time, I delayed before testing.

The first time this virus variant was seen in an inbox at CB Services was 1:05 AM on Tuesday, October 20, 2009.

It was scanned at virustotal.com for this warning at 8:41 PM, on Wednesday, October 21, 2009.

 

The results were slightly better, in that Symantec/Norton and Trend Micro antivirus engines detected the virus.  McAfee in it's base form still missed it, though.

But this doesn't take into account that this is simply a variant of FakeRean, which has been around since at least October 14, 2009, as shown in my first alert about this virus, posing as an Outlook settings file update.

 

The fact that any antivirus would missing a simple variant of a virus that's over a week old does not say good things about that antivirus software, and even the industry in general.  This is especially true since this virus variant was caught by less than 61% of antivirus software when it was scanned.

 

It's been given at least an entire 2 full workdays to infect computers at business places, and antivirus is not even up to a 2/3 detection rate, yet.

 

UPS Fedex Tracking Number N5421062126

 

This FakeRean variant is, like the previous one, a fraudulent attempt to sell fake antivirus software.

 

If you are infected with this, and seeing popup warnings about massive virus infections on your computer, do not, under any circumstances, purchase the recommended software.  This will simply, put your credit card number in the hands of criminals.

If you can't remove the infection yourself, take your computer to a knowledgeable computer technician.

 

Computer Services