Sophos UTM: Decommissioning of obsolete URL categorization services CFFS. Click here for important info.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Canada Post virus Malware PDF EXE

I have received this email a few days ago.

*** This is an automatically generated email, please do not reply ***

From: Canada Post [] 
Sent: Tuesday, June 28, 2011 9:33 AM
Subject: Package delivery failed for XXX !

We attempted to deliver your item at 09:23 am on June 28th, 2011.

The delivery attempt failed because nobody was present at the shipping address, so this notification has been automatically sent. 
You may arrange redelivery by visiting the link below or pick up the item at the Canada Post Office indicated on the receipt.

If the package is not scheduled for redelivery or picked up within 48 hours, it will be returned to the sender.

Label/Receipt Number: RT094019141HK
Expected Delivery Date: June 28th, 2011
Class: Package Services
Service(s): Delivery Confirmation
Status: eNotification sent 

To download the shipping receipt, in PDF format, visit:

To check on the delivery status of your mailing or arrange redelivery please visit the following URL:

 Thank you, 
ÂCopyright 2011 Canada Post Corporation

udiar14 - I thought it is real email I did press on the link below.

To download the shipping receipt, in PDF format, visit:

It did download the file and double click to open it. It did not open anything and maybe install an EXE.

I have a few questions:

1.     Anyone knows if Sophos can find the EXE and remove it?

2.     What the EXE is trying to do? 

3.     I did run the Sophos software on my laptop and it did not discover anything!!

4.     I also run: Malwarebytes' Anti-Malware , Spybot - Search & Destroy , Windows Defender , none of these product found anything?

5.     Am I safe? is my pc really clean?




This thread was automatically locked due to age.
  • We have had 3 users get this e-mail last night and this morning.

    Two of them even clicked the links (:manmad:)

    Did they really think that a Canadian postal service was going to be delivering them a parcel in the UK for F***sake where do we find these users from :mansad:

    I have submitted it to

    Hopefully the sophos appliance will start catching it soon!


  • Hello udiar14, could you confirm if you have on-access scanning enabled? If not i would recommend a full system (inc scan of the affected system at the very least. IanRMartin thank you for your submission, it should be processed and in place shortly I would expect, if you see it still popping up please let us know. Thank you for the heads up though all.