UPS Invoice 5305325782943? It’s another malware attack

Yes, there are lots of web-based threats out there - but that doesn't mean that cybercriminals have stopped abusing email systems to spread their malware.

In the past few days we've seen hundreds of thousands of dangerous emails posing as a "Facebook Password Reset Confirmation", a "Contract of Settlements", and failed deliveries from DHL, amongst others.

Today the bad guys have changed their tack - but only slightly. Rather than DHL or FedEx, they've switched back to UPS:

Malicious email claiming to come from UPS

The message in the email reads:

Unfortunately we were not able to deliver postal package you send on October the 1st in time because the recipients address is not correct. Please print out the invoice cioy attached and collect the package at our office

Your UPS

Of course the emails, which have the subject line "UPS Invoice 5305325782943", aren't from the courier delivery firm at all, and opening the attached file is simply exposing your computer to malware danger.

Sophos detects the attached file (RESU8723.zip) as Troj/BredoZp-O or Mal/EncPk-LE. Users of other vendor's anti-virus products should check that they are properly defended.