UPS Invoice 5305325782943? It's another malware attack

Filed Under: Malware, Spam

Yes, there are lots of web-based threats out there - but that doesn't mean that cybercriminals have stopped abusing email systems to spread their malware.

In the past few days we've seen hundreds of thousands of dangerous emails posing as a "Facebook Password Reset Confirmation", a "Contract of Settlements", and failed deliveries from DHL, amongst others.

Today the bad guys have changed their tack - but only slightly. Rather than DHL or FedEx, they've switched back to UPS:

Malicious email claiming to come from UPS

The message in the email reads:

Unfortunately we were not able to deliver postal package you send on October the 1st in time because the recipients address is not correct. Please print out the invoice cioy attached and collect the package at our office

Your UPS

Of course the emails, which have the subject line "UPS Invoice 5305325782943", aren't from the courier delivery firm at all, and opening the attached file is simply exposing your computer to malware danger.

Sophos detects the attached file (RESU8723.zip) as Troj/BredoZp-O or Mal/EncPk-LE. Users of other vendor's anti-virus products should check that they are properly defended.

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.