United Parcel Service malware attack spreads fake anti-virus

by Graham Cluley on June 9, 2011 | 9 Comments

Filed Under: Malware, Spam

UPS parcelEmail inboxes around the world are being spammed today with a malicious attack designed to infect Windows computers with a fake anti-virus attack.

The emails claim to be notification from United Parcel Service (UPS) that a package is winging its way to your address. The cybercriminals behind the scheme hope that recipients will be intrigued enough to open the attached file, which can infect their computer with malware.

A typical message looks as follows:

United Parcel Service notification

Subject: United Parcel Service notification #[number]

Message body:

United Parcel Service
tracking number #[number]

Good morning
Parcel notification

The parcel was sent your home adress.
And it will arrive within 3 buisness days.

More information and the parcel tracking number are attached in document below.

Thank you

United Parcel Service of America (c)
153 James Street, Suite100, Long Beach CA, 90000

Attached file: UPS_Document.zip

Would the spelling mistakes and grammatical errors be enough to ring an alarm bell in your head? Or would the promise of an unexpected parcel being delivered be enough to trick you into opening the attachment?

Sadly you can't always rely on the bad guys being sloppy with their typing, and some attacks are more professional than others. The fact is that simple social engineering tricks like this can be enough to trick people who really should know better into making the mistake of opening an unsolicited attachment.

And remember this - when someone sends you a parcel, they give the delivery company your snail-mail address. They're very unlikely to have also given them your email address! So be suspicious of any emails from delivery companies which arrive unexpectedly.

Sophos products detect the malware threat attached to the emails as Mal/FakeAV-LI - a fake anti-virus scam designed to scare you into believing your computer has security problems in order to persuade you to part with your hard-earned cash.

Users of other anti-virus products might be wise to check that their security software detects this threat, as it has been pretty widely spammed out.

Tags: , , , ,

9 Responses to United Parcel Service malware attack spreads fake anti-virus

  1. Debbie Curtis-Magley says:
    June 9, 2011 at 3:49 pm

    At UPS, we take fraud seriously. We investigate fraud or misrepresentation of our services, information tools and brand using the Internet. Fraud on the Internet is a continuing global issue, so we post fraud protection information directly on our home pages around the world to advise customers. Here is the link for fraud protection information at our U.K. site: http://www.ups.com/content/gb/en/resources/ship/f...

    Thanks for educating your readers on this important topic.

    Debbie Curtis-Magley
    UPS Public Relations
    Twitter: @UPS
    Blog: http://blog.ups.com/

    Reply Report comment
  2. vanitas says:
    June 9, 2011 at 3:53 pm

    Have been receiving this as well as DHL and FedEx notices for the past two months at least. Seeing the bad spelling on the one I opened tipped me off (plus the fact that I had not ordered anything).

    Reply Report comment
  3. Tig Stone says:
    June 9, 2011 at 4:52 pm

    I have been getting these for months at my yahoo address. Same thing claiming to be from FedEx as well.

    Reply Report comment
  4. kevin says:
    June 10, 2011 at 1:00 am

    maybe try replying to the email first...if it bounces back there is a good chance its a fake

    Reply Report comment
    • NotHazard says:
      June 10, 2011 at 7:01 am

      That's horrible advice, while you might get a Daemon reply from some incorrect email, you don't always get one. Gmail does a pretty good job by blocking spoofed email addresses. I do wish that Google made it easier to see the ACTUAL identity of the sender, intead it's buried deep.

      Reply Report comment
  5. Roy W says:
    June 12, 2011 at 6:25 am

    I have seen these messages, but have not had attachments with them, however not expecting a parcel in any case should be significant enough to know that there would hardly be a birthday present coming from Auntie Clara in the near future

    Reply Report comment
  6. Peter Newman says:
    June 19, 2011 at 7:32 am

    I recieved and opened the file... which then sent my Internet explorer into spasms (I think it was trying to open IE, but Kasperski was shutting it down each time)

    How do I know I don't still have the malware in my PC?

    Reply Report comment
  7. @MrMickeyRourke says:
    September 9, 2012 at 2:26 am

    Thank you saved me!

    Reply Report comment
  8. Drake says:
    November 29, 2012 at 8:27 pm

    I have received nearly daily fake messages for nearly two months -all detected as potential viruses. When do they give up or stop as a rule?

    Reply Report comment

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <strike> <strong>

About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.