A trojan masquerading as an email notice from UPS, the delivery service, tries to dupe users into clicking on an enclosure to download malware.
"It's not a new technique for fooling people into opening a malicious attachment, but clearly the hackers still think it has some legs," wrote Graham Cluley, senior technology consultant at Sophos, in a post on his blog.
The message claims that a package could not be delivered - that is, UPS did not deliver a package because an incorrect destination address was specified.
The trojan is named TrojanSpy.ZBot.DGI (VirusBuster), Trojan-Dropper.Delf (Ikarus) or VirTool:Win32/DelfInject.gen!J (Microsoft), according to email security firm MX Lab.
The "From" address is spoofed and contains "United Postal Service tracking[at]ups[dot]com."
"The trojan hides itself inside the file Invoice_8612112.exe once you have extracted the ZIP archive Invoice_8612112.zip. Names and numbers may vary," said an advisory on the MX Lab blog.
_(20).jpg&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
_(22).jpg&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
