More UPS delivery malware spammed out via email

With apologies to Dooley Wilson..

# It’s still the same old story
A fight for love or glory
A case of do or die.
The world will always welcome spammers
As time goes by.. #

Yes, the oldies are the goldies, and so long as the public are still falling for tried-and-trusted tricks why should the hackers adopt new ones?

Here’s a malicious spam campaign that we’ve seen in large numbers in the last few hours. It’s modus operandi shouldn’t be any surprise to regular readers of the Clu-blog:

Sign up to our free newsletter.
Security news, advice, and tips.

UPS Tracking malware email

The emails read as follows:


We were not able to deliver postal package you sent on February the 23th in time because the recipient's address is not correct.

Please print out the invoice copy attached and collect the package at our office.

Your United Postal Service

Attached to the email is a file,, which contains the malicious Troj/Inject-FG Trojan horse. But many users won’t even realise that there’s a nasty bite contained in the email attachment, such will be their belief that UPS has notified them about a failed delivery.

By the way, the tracking reference number used in the email changes each time.

Of course, this attack has not posed the boffins in SophosLabs any difficulty, and customers of our anti-spam and anti-virus solutions are protected. Play it again spam..

(Sorry, I’m so sorry..)

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.