14 DAY TRIAL // Security researchers from Sophos are seeing a wave of fake emails that masquerade as shipping notifications from UPS and carry a computer trojan as attachment.
The emails bear a subject of "United Parcel Service notification #[random number]" and have spoofed headers to appear as originating from an @ups.com address.
The body consists of an image that mimics a professionally designed email template contains the UPS logo and a copyright footer.
The message displayed on the image reads: "The parcel was sent to your home address. And it will arrive within 3 business days. More information and the tracking number are attached in document below."
The image technique was used in order to bypass spam filters that analyze textual content, although more complex anti-spam systems, especially cloud-based ones, will catch it without much trouble.
The attached file is called USPS_Document.zip and contains a trojan installer detected by Sophos as Troj/Agent-QGH.
"If you are one of the many people seeing this malware attack in your email this morning, please do not click on the attachment even if you are waiting for a package to be delivered.
"Instead, simply delete the email and your computer will be safe," advises Graham Cluley, senior technology consultant at Sophos.
Package delivery notifications are a common lure to trick users into opening infected email attachments and the fact that malware distributors continue to use it after so many years suggests that it is still effective enough.
Just last week we reported about emails carrying a variant of the SpyEye banking trojan that posed as failed delivery notifications from a shipping company called Post Express Service.
There are even multi-lingual campaigns adopting this theme. We previously reported about fake DHL emails distributing malware written in German and Spanish.