UPS Invoice 5305325782943? It's another malware attack

Yes, there are lots of web-based threats out there - but that doesn't mean that cybercriminals have stopped abusing email systems to spread their malware.

In the past few days we've seen hundreds of thousands of dangerous emails posing as a "Facebook Password Reset Confirmation", a "Contract of Settlements", and failed deliveries from DHL, amongst others.

Today the bad guys have changed their tack - but only slightly. Rather than DHL or FedEx, they've switched back to UPS:

Malicious email claiming to come from UPS

The message in the email reads:

Unfortunately we were not able to deliver postal package you send on October the 1st in time because the recipients address is not correct. Please print out the invoice cioy attached and collect the package at our office

Your UPS

Of course the emails, which have the subject line "UPS Invoice 5305325782943", aren't from the courier delivery firm at all, and opening the attached file simply exposes your computer to malware.

Sophos detects the attached file (RESU8723.zip) as Troj/BredoZp-O or Mal/EncPk-LE. Users of other vendors' anti-virus products should check that they are properly defended.

About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com.