Outbreak: Post Express Service malware attack spammed out

Be on your guard against the latest “undelivered package” malware attack that cybercriminals are spamming out right now.

Regular readers of Naked Security will be all too familiar with emails claiming to come from the likes of FedEx, UPS and DHL which pretend to be about a parcel that wasn’t delivered properly (and all you have to do is click on the attachment to “learn more”, or rather, become infected).

Now we’re seeing malicious emails which pretend to come from “Post Express Service”. Here’s a typical example:


Subject: Post Express Service. Get the parcel NR<random number>

Message body:
Dear client.

Your package has been returned to the Post Express office.
The reason of the return is "Error in the delivery address"

Attached to the letter mailing label contains the details of the package delivery.
You have to print mailing label, and come in the Post Express office in order to receive the packages.

Thank you.
Post Express Support

Attached file: Post_Express_Label_<random number>.zip

Other subject lines used in the attack include:

Post Express Service. Number of your parcel <random number>
Post Express Service. Package is available for pickup! NR<random number>
Post Express Service. Delivery refuse! NR<random number>

Hopefully you and the users inside your company won’t be so excited about the thought of an unexpected parcel that they open the attached file, as doing so will infect your Windows computer with malware.

Sophos detects the ZIP file as Troj/BredoZp-BT and the enclosed malware as Troj/Spyeye-R.
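
The subject lines and attachment name listed above can be turned into a triage check for a mail filter. The following Python is an added example, not code from Sophos or from this article; it assumes `<random number>` is a run of digits, and the function names and sample messages are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Subject lures listed in the article; <random number> modelled as digits (assumption).
SUBJECT_RE = re.compile(
    r"^Post Express Service\. (?:"
    r"Get the parcel NR\d+"
    r"|Number of your parcel \d+"
    r"|Package is available for pickup! NR\d+"
    r"|Delivery refuse! NR\d+)$",
    re.IGNORECASE,
)
# Attachment name from the article: Post_Express_Label_<random number>.zip
ATTACH_RE = re.compile(r"^Post_Express_Label_\d+\.zip$", re.IGNORECASE)


def check_message(raw):
    """Return which campaign indicators a raw RFC 5322 message carries."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    # policy.default decodes RFC 2047 encoded words; collapse folded whitespace.
    subject = " ".join(str(msg["Subject"] or "").split())
    if SUBJECT_RE.match(subject):
        hits.append("subject")
    # Walk every MIME part so nested or inline attachments are also seen.
    for part in msg.walk():
        name = part.get_filename()
        if name and ATTACH_RE.match(name.strip()):
            hits.append("attachment")
            break
    return hits


def build_sample(subject, filename):
    """Construct a sample message (constructed test data, not a captured email)."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("Dear client.")
    m.add_attachment(b"PK", maintype="application", subtype="zip", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    lure = build_sample("Post Express Service. Get the parcel NR48213",
                        "Post_Express_Label_48213.zip")
    print(check_message(lure))
```

A match on either indicator is a reason to quarantine and inspect, not a verdict: the wording of these campaigns changes, so the anti-virus detection of the attachment remains the primary control.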

Remember, there’s only one reason why cybercriminals keep using this type of social engineering to fool users into running malware – it works.