A trojan masquerading as an email notice from UPS, the delivery service, tries to dupe users into clicking on an enclosure to download malware.
"It's not a new technique for fooling people into opening a malicious attachment, but clearly the hackers still think it has some legs," wrote Graham Cluley, senior technology consultant at Sophos, in a post on his blog.
The message claims that a package could not be delivered - that is, UPS did not deliver a package because an incorrect destination address was specified.
The trojan is named TrojanSpy.ZBot.DGI (VirusBuster), Trojan-Dropper.Delf (Ikarus) or VirTool:Win32/DelfInject.gen!J (Microsoft), according to email security firm MX Lab.
The "From" address is spoofed and contains "United Postal Service tracking[at]ups[dot]com."
"The trojan hides itself inside the file Invoice_8612112.exe once you have extracted the ZIP archive Invoice_8612112.zip. Names and numbers may vary," said an advisory on the MX Lab blog.
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=271&w=480&c=1&s=1)
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
