A wave of fake United States Postal Service (USPS) emails currently making the rounds is trying to pass off a trojan downloader as a shipping label. The spam emails pose as failed delivery notifications and bear the subject "Post Express Information. Your package is available for pick up."
The message claims that an error in the shipping address caused the package to be returned to the post office, from where it can be retrieved.
"Your package has been returned to the Post Express office. The reason of the return is 'Error in the delivery address' Important message!
"Attached to the letter mailing label contains the details of the package delivery. You have to print mailing label, and come in the Post Express office in order to receive the packages!" the emails read.
The attachment is called Post_Express_Label_ID_[number].zip and contains a malicious executable of the same name.
If run, the exe file installs a trojan downloader on the system which, according to the results of a VirusTotal scan, has a low detection rate among antivirus products.
Such trojan downloaders are usually part of pay-per-install operations where cyber criminals pay to have their own malware distributed through them.
Users who fall victim to this attack and install the trojan will probably end up with additional infections on their systems, scareware in particular.
The package delivery notification lure is not something new. It is commonly used in attacks that misuse the brand names of UPS, DHL, FedEx and other similar services.
Users are advised to always exercise caution when dealing with email attachments, even if the messages appear to originate from trusted sources. Files can be scanned using online services like VirusTotal to make sure they are not infected.
To be on the safe side, all email notifications claiming to be from package delivery services should be verified over the phone with those respective companies before taking any action.
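A mail filter can flag the attachment pattern described above, a zip archive holding an executable of the same name, by reading only the archive's directory listing. The following is an added example, not part of the original article; the extension list, the function names, the addresses and the sample message (with `0000` standing in for the label number) are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions Windows runs directly (assumed list for this example, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

def executable_members(zip_bytes):
    """List executable names inside a zip by reading its directory; nothing is extracted."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return []
    return [n for n in names if PurePosixPath(n).suffix.lower() in EXECUTABLE_EXTS]

def scan_message(raw):
    """Return one finding per zip attachment that carries an executable."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if not fname.lower().endswith(".zip"):
            continue
        exes = executable_members(part.get_payload(decode=True))
        if exes:
            stem = PurePosixPath(fname).stem.lower()
            # The lure names the executable after the archive itself.
            same = any(PurePosixPath(e).stem.lower() == stem for e in exes)
            findings.append({"attachment": fname, "executables": exes, "same_name": same})
    return findings

def build_sample():
    """Constructed message: a zip with a harmless placeholder named like the lure."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Post_Express_Label_ID_0000.exe", b"placeholder, not a real program")
    msg = EmailMessage()
    msg["Subject"] = "Post Express Information. Your package is available for pick up."
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("Constructed sample body.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Post_Express_Label_ID_0000.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

Because the downloader had a low antivirus detection rate, a structural check like this one catches the delivery method regardless of whether the payload is recognised.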