Cybercriminals are attempting to infect computers around the world, disguising their attack as an email claiming to come from United Parcel Service about a parcel delivery.
But this time they’re not using words, they’re using an embedded image to trick you into clicking on the link.
Here’s what a typical malicious email being used in this malware campaign looks like:
Subject: United Parcel Service notification #<random number>
Attached file: USPS_Document.zip
Message body:
Dear customer.
The parcel was sent to your home address.
And it will arrive within 3 business days.
More information and the tracking number are attached in the document below.
Thank you.
United Parcel Service.
Copyright (c) 1994-2011 United Parcel Service of America, Inc. All rights reserved.
As you can see – it looks pretty professional. Which may well fool more people into believing it is genuine.
What’s interesting is that there is no actual text inside the email’s message body, instead it consists solely of an image – presumably with the intention of attempting to slip past the more rudimentary anti-spam filters.
Attached to the email is a file called USPS_Document.zip, which contains the malware attack. Sophos detects the ZIP file proactively as Mal/BredoZp-B and the enclosed file as the Troj/Agent-QGH Trojan horse.
The malware is only capable of infecting computers running Windows.
If you are one of the many people seeing this malware attack in your email this morning, please do not click on the attachment even if you are waiting for a package to be delivered. Instead, simply delete the email and your computer will be safe.
This latest attack follows hard on the heels of another widespread assault on users’ inboxes which began to strike earlier this week, posing as a message from Post Express Service.
Full story: Naked Security – Sophos
Related Posts
- Outbreak: Post Express Service malware attack spammed out
Sophos -- Be on your guard against the latest "undelivered package" malware attack that cybercriminals are spamming out right now.
Regular readers of Naked Security will be all too familiar with em... - “United Parcel Service notification 48161” from UPS contains trojan
MX Lab, http://www.mxlab.eu, started to intercept a new trojan variant distribution campaign by email with the subject “United Parcel Service notification 48161”, where the number in the subject may v... - Facebook notification emails spreads malware
People have started getting the following email claiming that “Facebook Copyrights Department” has detected unusual Copyrights activity linked to your Facebook account , please follow the link bellow ... - RSA Conference 2011 – Live Malware Attack, and Most Educational Security Blog!
Apologies to our readers from me and from Chester Wisniewski - we haven't written anything for Naked Security for the past week or so.
That's because we've been off the air, and on our feet, for the ... - Spammed Malware Ramps Up Again
It was probably too good to last. The past few months has been blissfully quiet on the spam front, and in particular, spam with accompanying malware. The chart below shows an unusually quiet period ... - Spammer’s blunder leads to widespread split personality malware attack
We're seeing a widespread malware attack in our spam traps this morning - and what's making it unusual is that it appears not to be able to decide what it is.
When you first see the subject line, you ... - Are you contributing to the Twitter Denial of Service Attack?
Twitter has been dealing with a denial of service attack this morning that has resulted in millions of users not receiving or posting tweets.These days denial of service attacks typically are launched... - Post Express Service package delivery failure email has malware attached
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “”Post Express Service. Package is available for pickup! NR1535″.
The email is send fr... - Bredolab Malware spammed via fake Facebook Mails
The popularity of the social network Facebook is abused again to spread Malware via Email. The spam mails arrive with the subject “Facebook password has been changed. ID” and contain a ZI... - New Attack Disguised as DHL Parcel Delivery Notice (PC World)
PC World - Some malware attacks are exceedingly clever and innovative, while others just rely on tried and true techniques that are fairly reliable no matter how much users are told to avoid them. App...
Posted on 04 February 2011. Tags: Attack, Malware, Notification, Outbreak, Parcel, Service, Spammed, United
I already clicked it… what do I do now? How do I delete/clean it before it does damage to my pc. Am currently scanning my pc now but the damn thing refuses to be deleted.
eu cliquei em um dese e-mail e meu pc travou tudo tive que mandar formatar,não abram.