Outbreak: USPS or Royal Mail package email delivers malware attack

Filed Under: Malware, Spam

SophosLabs has seen a widely spammed-out malware campaign today, designed to trick unsuspecting computer users into infecting their computers with a Trojan horse.

The messages use a variety of subject lines, and appear to be adapted depending on whether the criminals believe they are targeting a British or American computer user. Brits are lured into opening the attachment with an email seemingly from the Royal Mail, whereas American-based recipients may believe the message is from USPS.

Some of the subject lines used in the malware attack

The wording can vary, but here are some examples of both the USPS and Royal Mail versions of the malicious email:

Example of fake USPS malware email

Example of fake Royal Mail malware email

Contained inside the ZIP file is a Trojan horse, detected by Sophos products proactively as Mal/Bredo-Q.

The malware is only capable of infecting computers running Windows.

If you are one of the many people seeing this malware attack in your email today, please do not click on the attachment even if you are waiting for a package to be delivered. Instead, simply delete the email and your computer will be safe.
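For mail administrators, the pattern described above (a postal-service notice carrying a ZIP with a Windows executable inside) can be checked at the gateway. The following Python is an added example, not Sophos code and not part of the original article; the function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BRANDS = ("usps", "royal mail")  # brands named in this article
# File types Windows will run directly on double-click (assumed list).
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")

def zip_executables(data):
    """Return names of executable members inside a ZIP attachment."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXEC_EXTS)]
    except zipfile.BadZipFile:
        return []  # mislabelled or corrupt archive: nothing to list

def assess(raw):
    """Return a list of reasons the message matches this campaign's shape."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    headers = f"{msg.get('From', '')} {msg.get('Subject', '')}".lower()
    brand = next((b for b in BRANDS if b in headers), None)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        if brand:
            reasons.append(f"{brand} notice carries ZIP attachment {name}")
        for member in zip_executables(part.get_payload(decode=True)):
            reasons.append(f"{name} contains executable {member}")
    return reasons

def build_sample(with_zip=True):
    """Constructed test message; the 'executable' is harmless text."""
    msg = EmailMessage()
    msg["From"] = "USPS Service <notify@example.com>"
    msg["Subject"] = "Package delivery notification (constructed sample)"
    msg.set_content("We could not deliver your parcel. See attached label.")
    if with_zip:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("Label.exe", b"not a real program")
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="zip", filename="Label.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(assess(build_sample()))
```

A message that returns any reasons is a candidate for quarantine rather than delivery; a plain-text notice with no attachment returns an empty list.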


17 Responses to Outbreak: USPS or Royal Mail package email delivers malware attack

  1. Steven · 1006 days ago

    What amazes me is that they can trick me into clicking on a link to track package #173496 and then have multiple names in the "To Field". They really think I'm going to believe that tracking number is for me personally? Haven't they heard of blind copying?

  2. Pauline F · 1006 days ago

    It might fool people. But what I say is "How do they know my email address if I have never ever given this out to this company?" DELETE anything suspicious AND call the relevant company yourself after you've looked it up....

  3. Incredulous · 1006 days ago

    How would they even know my e-mail address from an undelivered package????!!!! Some people are scammed because they will believe anything!!

  4. Robert Gracie · 1006 days ago

    It just astounds me how many of these I have seen. It's a joke. I can tell it's spam just by the email address the sender is sending from; that's how I know it's spam, plain and simple.

  5. Shadd · 1006 days ago

    I'll agree,.. what I'd really like to know is how are the spammers getting my email too! Sick of these sell out companies giving out my information or adding trackers on websites,.. it's getting to the point the spam just never stops with anyone anymore, and was supposed to be at one time blocked by companies,.. now just all over the freakin place because they don't do ANYTHING to stop the spammers, instead they just title it a "spam" folder in which junk gets deleted instead of taken care of.

  6. Simon Templar · 1005 days ago

    greed - the primary motivator

  7. If you are waiting for packages. Keep in mind, USPS & UPS do not attach files to emails. evil is lurking

    • GjB · 992 days ago

      You hit the nail on the head, USPS doesn't have attachments in email shipping notifications. Also, if you are not expecting any or tracking a package why would you open the email in the first place?

  8. those asking 'how would they know my email?' I wondered the same when I got a legitimate email from the Royal Mail to tell me my parcel would be delivered that morning, it was indeed delivered and followed by another email confirming it had been delivered, no attachments, just plain text emails. The item was something I had bought on ebay and I assume the seller told the Royal Mail my email address as some part of the package tracking process.

  9. barbara · 992 days ago

    got an email re: my usps delivery-since i sell on ebay, i fell hook line & sinker trying to open the attachment-well, now that i have a new computer, i am ever more cautious and damn those who gave me a scare, ruined my day and took most of my saved files with them. vicious worm!

  10. Steve0 · 992 days ago

    Most of the commenters have pointed out that the emails are obviously phishing attempts, and I agree. However, what is obvious to savvy users is not obvious to the general public. The scammers cast a very wide net, they only need a very small percentage of people who aren't paying attention or who don't know any better to open the attachment to be successful.

  11. Rex · 992 days ago

    What really is amazing is I hardly if ever send packages through the USPS and sure enough, the 1 time in the last 5 years I actually do, I get an email with this virus in it from the very day that I actually sent it! Coincidence? Maybe, but it sure was perfect timing.

  12. The Doc · 992 days ago

    Scammers and spammers keep creating new ways to get thru to your machines. My advice is to create a new back-up (restore) point on your computer either daily or at least 3 times a week to have a restore position if you get a virus.
    Sometimes these things get thru... best to be prepared

  13. Lee · 992 days ago

    In reply to, "what I'd really like to know is how are the spammers getting my email too! Sick of these sell out companies..."

    The answer is quite simple and you may have even helped them.

    When was the last time you got a "FORWARD" email from a friend that had all those extra email addresses the forward had already gone to? Spammers have legitimate email addresses also, and when one of these "FORWARD TO EVERYONE" messages eventually lands in their mailbox, they just harvest the fresh meat and feed it to the spam engines.

    Number 1) NEVER, EVER, EVER, EVER FORWARD A MESSAGE WITHOUT DELETING ALL EMAIL ADDRESSES FROM THE FORWARDED MESSAGE BODY.

    Number 2) When sending a message to multiple parties, ALWAYS USE BLIND CARBON COPY (BCC)....if you don't know how to do Bcc, then don't send messages to multiple parties.

  14. Chad in AK · 992 days ago

    Folks, What the real problem here is, lack of ISP protection. The ISP's (Internet Service Providers) that EVERY SINGLE ONE OF US HAS TO RELY ON, has a responsibility to protect THEIR FRIGGEN NETWORK! If they don't protect their network why should we? Seriously. If I get infected due to the ISP letting the worm/trojan/virus/et al. thru to my computer, why do they shut me down when my computer sends the same crap out to their network? Yes, I know, location location location. The virus origination was not on my ISP's network. So what. They know I'm sending out crap and stop it, why can't they stop the crap from coming into the network in the first place? Oh they can but it's not profitable to do so. If we as consumers start to stand up and demand our ISP's protect us from the Russian/Taiwan/Iran/Iraq/China/probably others/etc. bad guys our systems would be much safer, and we (consumers) would have less out of pocket expenses (loss of ID, time for figuring it out, the actual scam itself, insurance rates, etc.) *End Rant*

  15. Jeff Donaldson · 992 days ago

    I got one of those just after my birthday stating that a package was at the post office because it was failed to be delivered on the exact date of my birthday. It was tempting, thinking that someone had sent me a special gift, or something. Seeing the zip file made me suspicious and also the fact that I don't believe that the post office has my e-mail address, or do they have the manpower to even be bothered to send out e-mails anyway. I am always suspicious of any e-mail from sources that are unexpected, so I check it out before opening anything like that.

  16. Not_so_naive · 768 days ago

    Has anyone tried to find an email address at Royal Mail at which to report phishing attempts? I've just given up in disgust - the site is utterly impermeable, and searching doesn't even respond to the words "phis" or "phishing"!

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.