Canada Post virus Malware PDF EXE

I received this email a few days ago.

*** This is an automatically generated email, please do not reply ***

From: Canada Post [mailto:tracking@canadapost.ca] 
Sent: Tuesday, June 28, 2011 9:33 AM
To:XXX
Subject: Package delivery failed for XXX !

We attempted to deliver your item at 09:23 am on June 28th, 2011.

The delivery attempt failed because nobody was present at the shipping address, so this notification has been automatically sent. 
You may arrange redelivery by visiting the link below or pick up the item at the Canada Post Office indicated on the receipt.

If the package is not scheduled for redelivery or picked up within 48 hours, it will be returned to the sender.

Label/Receipt Number: RT094019141HK
Expected Delivery Date: June 28th, 2011
Class: Package Services
Service(s): Delivery Confirmation
Status: eNotification sent 

To download the shipping receipt, in PDF format, visit:
http://www.canadapost.ca/cpotools/apps/track/personal/findInvoiceByPackageId.aspx?id=8374890988930

To check on the delivery status of your mailing or arrange redelivery please visit the following URL: 
http://www.canadapost.ca/cpotools/apps/track/personal/findByTrackNumber?execution=e9s1

 Thank you, 
© 2011 Canada Post Corporation

udiar14 - I thought it was a real email, and I did press on the link below.

To download the shipping receipt, in PDF format, visit:

http://www.canadapost.ca/cpotools/apps/track/personal/findInvoiceByPackageId.aspx?id=8374890988930

It did download the file, and I double-clicked to open it. It did not open anything and maybe installed an EXE.

I have a few questions:

1. Does anyone know if Sophos can find the EXE and remove it?

2. What is the EXE trying to do?

3. I did run the Sophos software on my laptop and it did not discover anything!!

4. I also ran Malwarebytes' Anti-Malware, Spybot - Search & Destroy, and Windows Defender; none of these products found anything?

5. Am I safe? Is my PC really clean?

Thanks

udiar14

  • We have had 3 users get this e-mail last night and this morning.

    Two of them even clicked the links (:manmad:)

    Did they really think that a Canadian postal service was going to be delivering them a parcel in the UK? For F***sake, where do we find these users from :mansad:

    I have submitted it to is-spam@lab.sophos.com

    Hopefully the Sophos appliance will start catching it soon!

    Ian

  • Hello udiar14, could you confirm if you have on-access scanning enabled? If not, I would recommend a full system (inc scan of the affected system at the very least. IanRMartin, thank you for your submission; it should be processed and in place shortly, I would expect. If you see it still popping up, please let us know. Thank you for the heads up though, all.
