A trojan masquerading as an email notice from UPS, the delivery service, tries to dupe users into clicking on an attachment to download malware.
"It's not a new technique for fooling people into opening a malicious attachment, but clearly the hackers still think it has some legs," wrote Graham Cluley, senior technology consultant at Sophos, in a post on his blog.
The message claims that UPS could not deliver a package because an incorrect destination address was specified.
The trojan is named TrojanSpy.ZBot.DGI (VirusBuster), Trojan-Dropper.Delf (Ikarus) or VirTool:Win32/DelfInject.gen!J (Microsoft), according to email security firm MX Lab.
The "From" address is spoofed and contains "United Postal Service tracking[at]ups[dot]com."
"The trojan hides itself inside the file Invoice_8612112.exe once you have extracted the ZIP archive Invoice_8612112.zip. Names and numbers may vary," said an advisory on the MX Lab blog.
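A mail-gateway style check for the attachment layout the advisory describes (a ZIP archive whose member is an executable), given here as an added example that is not code from MX Lab, Sophos or the original article. The function names are hypothetical, and the sample message is constructed with inert placeholder bytes and an example.com sender.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Extensions Windows runs directly when the user double-clicks the file.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def risky_zip_members(zip_bytes):
    """Return archive members that are executables by extension or by MZ header."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                head = b""
                if not info.flag_bits & 0x1:  # encrypted members cannot be read
                    with zf.open(info) as fh:
                        head = fh.read(2)
                # The MZ check catches an executable renamed to look like a document.
                if info.filename.lower().endswith(EXECUTABLE_EXTS) or head == b"MZ":
                    hits.append(info.filename)
    except (zipfile.BadZipFile, NotImplementedError):
        pass  # not a readable ZIP: nothing to report from this check
    return hits

def scan_message(raw):
    """Map each ZIP attachment's filename to the executable members it carries."""
    findings = {}
    for part in message_from_bytes(raw).walk():
        fname = part.get_filename()
        if fname and fname.lower().endswith(".zip"):
            members = risky_zip_members(part.get_payload(decode=True) or b"")
            if members:
                findings[fname] = members
    return findings

def build_sample():
    """Constructed sample with the naming pattern quoted in the advisory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_8612112.exe", b"MZ" + b"\x00" * 62)  # inert, not malware
    msg = EmailMessage()
    msg["From"] = "United Postal Service <tracking@example.com>"  # assumed sender
    msg["Subject"] = "Constructed test message"
    msg.set_content("Your package could not be delivered.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Invoice_8612112.zip")
    return msg.as_bytes()
```

Because the advisory notes that names and numbers may vary, the check keys on the member's type rather than on the `Invoice_` filename.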