Another week, another "failed delivery" malware attack

Filed Under: Malware, Spam

You may have come into work this morning to find an email in your inbox which claims to be from United Parcel Service of America. Well, if you did receive such a message then you're far from alone - as we've been intercepting many examples as they were spammed around the world.

The emails read as follows:

Hello!

We were not able to deliver postal package you sent on the 14th of May in time because the recipient's address is not correct. Please print out the invoice copy attached and collect the package at our office.

Your United Parcel Service of America

Malicious spam attack posing as communication from UPS

Just so you know, the tracking reference number used in the email's subject line changes each time.

Attached to the email is a file (called UPSNR_976120012.zip in the samples we've seen) that contains a malicious Trojan horse which Sophos detects as Troj/Agent-KBE. Launching the file is, obviously, not a good idea if you want to protect your computer from hackers.

The emails have a slightly different subject line each time

If you're a regular reader of the Clu-blog then this attack won't be any surprise to you - we've seen similar attacks on many occasions taking advantage of the names of shipping companies like UPS, DHL.

What is perhaps alarming is that the hackers still seem to think it's worthwhile using this trick to bust their way into innocent users' computers. Shouldn't we all be wise to this kind of social engineering by now?

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.