Plus de spam de UPS

Today’s UPS spam is brought to you with a French theme (we’ve seen previous instances in English and German).

The messages so far all have a subject of “UPS colis postal” (that’s “UPS postal parcel” or thereabouts), and after a greeting the message says:

malheureusement, nous avons manque de livrer le pli (votre colis postal), que vous avez envoye le 1er juillet,
parce que l’adresse du Destinataire n’existe pas.
S’il vous plait, imprimez la facture envoyee en fichier joint a ce message, et venez chercher le pli
a notre office a l’adresse indiquee a la facture.

This gist of which is that they couldn’t deliver your package because the recipient doesn’t exist, please see the attached invoice for details and come and pick it up from them. The attachment is called, which we detect as proactively Troj/Invo-Zip, and it contains an executable which we detect proactively as Mal/EncPk-EI, a malicious encryption that the last few waves of malware have used.

In other words they’ve changed the language, but that’s about it.