You may have come into work this morning to find an email in your inbox which claims to be from United Parcel Service of America. Well, if you did receive such a message then you’re far from alone – as we’ve been intercepting many examples as they were spammed around the world.
The emails read as follows:
Hello!
We were not able to deliver postal package you sent on the 14th of May in time because the recipient's address is not correct. Please print out the invoice copy attached and collect the package at our office.
Your United Parcel Service of America
Just so you know, the tracking reference number used in the email’s subject line changes each time.
Attached to the email is a file (called UPSNR_976120012.zip in the samples we’ve seen) that contains a malicious Trojan horse which Sophos detects as Troj/Agent-KBE. Launching the file is, obviously, not a good idea if you want to protect your computer from hackers.
If you’re a regular reader of the Clu-blog then this attack won’t be any surprise to you – we’ve seen similar attacks on many occasions taking advantage of the names of shipping companies like UPS, DHL.
What is perhaps alarming is that the hackers still seem to think it’s worthwhile using this trick to bust their way into innocent users’ computers. Shouldn’t we all be wise to this kind of social engineering by now?