That package at the Royal Mail office? It's malware


Cybercriminals have spammed out malware, posing as an email from the Royal Mail.

The emails, which claim that a package has been returned to the Royal Mail office, pretend to come from official-sounding addresses such as customer@royalmail.com or customer_service@royalmail.com.

Opening the attached file could lead to your Windows computer being infected by a Trojan horse.

Here's a typical example of what is being spammed out:

Dear customer.

A courier did not deliver the package to your address.
Reason: The package is too large
Information about your package is attached to the letter.
Read all information carefully and come to the "Royal Mail" office to receive your package.

Thank you for your attention.
Royal Mail Service.

The reason given for non-delivery of the parcel can vary. For instance, the email might claim that your address does not exist, or that the parcel is too large.

Subject lines can vary also. Here are some of the examples we have seen in our traps:

  • Error in the delivery address No30173
  • You should come to the Royal Mail office and receive a package
  • Track your shipment No24127
  • Cancellation of the package delivery
  • Track your parcel No9782
  • A package is available for reception
  • Get your parcel No083
  • Error in the delivery address No40046009
  • Error in the delivery address No0633376
  • You should come to the Royal Mail office and receive a package
  • Delivery Problem
  • Royal Mail Delivery information

The dangerous thing, of course, is the attachment. It's a ZIP file that Sophos's anti-virus products intercept as Mal/BredoZp-B and Mal/EnckPK-AAT.

(If you use a security product from another vendor, here is the MD5 hash which you can use to determine if you are protected: 6bd53a62c768f7ce8663310ed404b89c)

I have to ask myself - why are people believing these emails are from the Royal Mail in the first place? I mean, how do they think the Royal Mail got hold of their email address?

Malware attacks posing as messages from parcel delivery companies are nothing new of course - but we're more used to seeing attacks pretending to be from the likes of UPS, FedEx and DHL than the Royal Mail.

Always think before clicking on unsolicited attachments which arrive unexpectedly in your email. It's an old trick, but the reason why malicious hackers still use it is because it works.
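As an added example (not code from the original post or from Sophos), this Python check runs a raw message against the indicators described above: the two sender addresses, the subject lines, a ZIP attachment and the published MD5. The subject regular expressions are a generalisation of the listed examples, and the `triage` and `build_sample` names, the recipient, the attachment file name and its placeholder bytes are constructed for illustration.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# MD5 of the malicious ZIP, as published in the post.
KNOWN_BAD_MD5 = {"6bd53a62c768f7ce8663310ed404b89c"}

# Assumption: patterns generalised from the subject lines listed in the post,
# treating the trailing "No<digits>" reference as variable.
SUBJECT_PATTERNS = [re.compile(p, re.I) for p in (
    r"^error in the delivery address no\d+$",
    r"^(track your (shipment|parcel)|get your parcel) no\d+$",
    r"come to the royal mail office and receive a package",
    r"^cancellation of the package delivery$",
    r"^a package is available for reception$",
    r"^delivery problem$",
    r"^royal mail delivery information$",
)]
SENDER_RE = re.compile(r"\bcustomer(_service)?@royalmail\.com\b", re.I)

def triage(raw: bytes) -> list[str]:
    """Return the indicators from the post that this raw message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if SENDER_RE.search(str(msg.get("From", ""))):
        hits.append("sender")
    subject = str(msg.get("Subject", "")).strip()
    if any(p.search(subject) for p in SUBJECT_PATTERNS):
        hits.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(".zip") or data.startswith(b"PK\x03\x04"):
            hits.append("zip-attachment")
        if hashlib.md5(data, usedforsecurity=False).hexdigest() in KNOWN_BAD_MD5:
            hits.append("known-md5")
    return hits

def build_sample(sender="Royal Mail <customer_service@royalmail.com>",
                 subject="Track your parcel No9782", attach_zip=True) -> bytes:
    """Constructed message; the attachment is harmless placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", subject
    m.set_content("Dear customer.\nA courier did not deliver the package.")
    if attach_zip:
        m.add_attachment(b"PK\x03\x04placeholder", maintype="application",
                         subtype="zip", filename="info.zip")
    return m.as_bytes()
```

Calling `triage(build_sample())` returns the matched indicators for the constructed message. A hash match identifies only the exact file named in the post, so the sender, subject and attachment-type checks are the ones that still apply when the attachment differs.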


    3 Responses to That package at the Royal Mail office? It's malware

    1. Yossi says:

      These have been going out for at least a month! Fortunately I've had no complaints to the help desk over needless trips to the Post Office.

      Worth noting that of those mentioned in your blog Royal Mail & FedEx do not use any sender protection framework (SPF) DNS records to protect their name. DHL & UPS on the other hand do. No magic bullet of course but does help sort these kinds of messages out.

    2. marty says:

      I have had an email from bogus Royal Mail. I was stupid and downloaded a zip file which contains a virus, and it's telling me I have got critical hard drive errors and all I have is a black screen. I was actually waiting for a package from Royal Mail the same day as I got this spam mail. I ran a full scan with viper and it picked up nothing. Gonna have to try another anti virus like Norton 360, which I have on my other PC, and use Norton power eraser. I thought viper was supposed to be good / apparently not.

    About the author

    Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.