Outbreak: United Parcel Service notification malware attack spammed out


Cybercriminals are attempting to infect computers around the world, disguising their attack as an email claiming to come from United Parcel Service about a parcel delivery.

But this time they’re not using words, they’re using an embedded image to trick you into clicking on the link.

Here’s what a typical malicious email being used in this malware campaign looks like:

United Parcel Service notification malicious email

Subject: United Parcel Service notification #<random number>

Attached file: USPS_Document.zip

Message body:
Dear customer.

The parcel was sent to your home address.
And it will arrive within 3 business days.

More information and the tracking number are attached in the document below.

Thank you.
United Parcel Service.

Copyright (c) 1994-2011 United Parcel Service of America, Inc. All rights reserved.

As you can see – it looks pretty professional. Which may well fool more people into believing it is genuine.

What’s interesting is that there is no actual text inside the email’s message body, instead it consists solely of an image – presumably with the intention of attempting to slip past the more rudimentary anti-spam filters.

Attached to the email is a file called USPS_Document.zip, which contains the malware attack. Sophos detects the ZIP file proactively as Mal/BredoZp-B and the enclosed file as the Troj/Agent-QGH Trojan horse.

The malware is only capable of infecting computers running Windows.

If you are one of the many people seeing this malware attack in your email this morning, please do not click on the attachment even if you are waiting for a package to be delivered. Instead, simply delete the email and your computer will be safe.

This latest attack follows hard on the heels of another widespread assault on users’ inboxes which began to strike earlier this week, posing as a message from Post Express Service.