Two variants of the ZeuS Trojan are attached to the same email

Aug 22, 2013 15:12 GMT

Bogus UPS delivery notifications are often used by cybercriminals to deliver malware. However, researchers from MX Lab have come across one spam campaign that’s worth looking into.

The email’s body is simple. It reads something like this: “You have attached the invoice for your package delivery. Thank you, United Parcel Service.”

The notification comes with two files attached to it. One of them is an executable file which hides a variant of the notorious ZeuS Trojan (currently detected only by a handful of anti-malware solutions).

The other one is an .HTML file which purports to contain “Important Delivery Information.”

When users click the link that allegedly leads to an invoice, they’re taken to another page that instructs them to download and install a plugin in order to view the document.

The plugin, JavaJREInstaller.exe, is another variant of the ZeuS banking malware.
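A mail-gateway triage check for the message shape described above (an executable attachment alongside an HTML attachment that carries an outbound link), as an added example that is not from the article or from MX Lab. The rule itself, the attachment name `invoice.exe`, the subject line and the `example.invalid` URL are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

EXEC_EXTS = (".exe", ".scr", ".com", ".pif")  # common Windows executable extensions

class LinkCollector(HTMLParser):
    """Collects href targets of <a> tags in an HTML attachment."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def triage(raw: bytes) -> dict:
    """Return executable attachments, HTML attachments with external links, and a verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    executables, html_links = [], {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Flag by extension OR by the PE "MZ" magic, so a renamed file is still caught.
        if name.lower().endswith(EXEC_EXTS) or data[:2] == b"MZ":
            executables.append(name)
        elif part.get_content_type() == "text/html" or name.lower().endswith((".html", ".htm")):
            collector = LinkCollector()
            collector.feed(data.decode(part.get_content_charset() or "utf-8", "replace"))
            external = [u for u in collector.links if u.lower().startswith(("http://", "https://"))]
            if external:
                html_links[name] = external
    return {"executables": executables, "html_links": html_links,
            "quarantine": bool(executables) or bool(html_links)}

def build_sample() -> bytes:
    """Constructed message shaped like the one described; contains no real malware bytes."""
    msg = EmailMessage()
    msg["Subject"] = "UPS delivery notification"  # constructed subject line
    msg["From"] = "sender@example.invalid"
    msg.set_content("You have attached the invoice for your package delivery.")
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                       subtype="octet-stream", filename="invoice.exe")  # constructed name
    html = '<html><body><a href="http://example.invalid/invoice">View invoice</a></body></html>'
    msg.add_attachment(html.encode(), maintype="text", subtype="html",
                       filename="Important Delivery Information.html")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```
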