The individuals behind the spam run are trying to distribute spyware

Apr 11, 2014 13:29 GMT

At least two companies have issued alerts about UPS-themed spam emails currently landing in inboxes. The fake notifications are part of a malware distribution campaign.

“At the request of the shipper, please be advised that the delivery of the following shipment has been rescheduled,” read the emails entitled “UPS Exception Notification, Tracking Number 1Z522A9A6892487822.”

Both Cisco and Malwarebytes have analyzed the spam run, which appears to have started on April 10. The samples analyzed by both companies include the same tracking number, 1Z522A9A6892487822.

This number is real, but the cybercrooks are apparently using the same one for all emails. As Malwarebytes’ Joshua Cannell highlights, the tracking number is for a package delivered in February and signed by “DONNA.”

The file that’s served when users click on the link is an archive which contains what appears to be a harmless PDF document. In reality, the file hides a piece of malware. More precisely, the threat is a version of the notorious ZeuS Trojan (Spyware.ZeuS).
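A mail gateway or analyst can catch this kind of disguise by comparing what an archive member claims to be with what its first bytes say it is. The sketch below is an added example, not code from Cisco, Malwarebytes or the article; it assumes the archive is a ZIP and that the disguise shows up in the member name, and the sample archive and its file names are constructed.

```python
import io
import zipfile

PDF_MAGIC = b"%PDF-"   # every real PDF starts with this marker
PE_MAGIC = b"MZ"       # DOS/PE header used by Windows executables


def audit_archive(data: bytes) -> list[tuple[str, str]]:
    """Return (member name, verdict) for every member presented as a PDF."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Assumption: "presented as a PDF" means "pdf" appears in the name.
            if info.is_dir() or "pdf" not in info.filename.lower():
                continue
            if info.flag_bits & 0x1:
                # Encrypted member: content cannot be inspected without a password.
                findings.append((info.filename, "encrypted"))
                continue
            with zf.open(info) as fh:
                head = fh.read(8)
            if head.startswith(PDF_MAGIC):
                verdict = "pdf"
            elif head.startswith(PE_MAGIC):
                verdict = "executable"
            else:
                verdict = "unknown"
            findings.append((info.filename, verdict))
    return findings


def build_sample() -> bytes:
    """Constructed sample archive: one real PDF header, two disguised stubs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("label.pdf", b"%PDF-1.4\n%%EOF\n")
        zf.writestr("document.pdf.exe", b"MZ\x90\x00" + b"\x00" * 60)
        zf.writestr("shipment.pdf", b"MZ\x90\x00" + b"\x00" * 60)
        zf.writestr("readme.txt", b"plain text, never inspected")
    return buf.getvalue()


if __name__ == "__main__":
    for name, verdict in audit_archive(build_sample()):
        print(f"{verdict:<10} {name}")
```

Any verdict other than `pdf` on a member that presents itself as a PDF is a reason to quarantine the attachment or download for analysis.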

These fake package delivery emails are still successful because a lot of people expect to receive genuine notifications.

Since few people probably take the time to check the tracking number before clicking on the link, it’s likely that a lot of computers become infected with malware as a result of these campaigns.