Outbreak: United Parcel Service notification malware attack spammed out

Graham Cluley
Graham Cluley
@[email protected]

Cybercriminals are attempting to infect computers around the world, disguising their attack as an email claiming to come from United Parcel Service about a parcel delivery.

But this time they’re not using words, they’re using an embedded image to trick you into clicking on the link.

Here’s what a typical malicious email being used in this malware campaign looks like:

United Parcel Service notification malicious email

Sign up to our free newsletter.
Security news, advice, and tips.

Subject: United Parcel Service notification #<random number>

Attached file: USPS_Document.zip

Message body:
Dear customer.

The parcel was sent to your home address.
And it will arrive within 3 business days.

More information and the tracking number are attached in the document below.

Thank you.
United Parcel Service.

Copyright (c) 1994-2011 United Parcel Service of America, Inc. All rights reserved.

As you can see – it looks pretty professional. Which may well fool more people into believing it is genuine.

What’s interesting is that there is no actual text inside the email’s message body, instead it consists solely of an image – presumably with the intention of attempting to slip past the more rudimentary anti-spam filters.

Attached to the email is a file called USPS_Document.zip, which contains the malware attack. Sophos detects the ZIP file proactively as Mal/BredoZp-B and the enclosed file as the Troj/Agent-QGH Trojan horse.

The malware is only capable of infecting computers running Windows.

If you are one of the many people seeing this malware attack in your email this morning, please do not click on the attachment even if you are waiting for a package to be delivered. Instead, simply delete the email and your computer will be safe.

This latest attack follows hard on the heels of another widespread assault on users’ inboxes which began to strike earlier this week, posing as a message from Post Express Service.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.