A spam email claiming to be from UPS is making the rounds.
As seen in the image above, the e-mail states that a delivery attempt was made and provides a tracking number. The tracking number is real, although it was for a package delivered in February and signed by “DONNA”.
Clicking the tracking number link downloads a zip archive containing an executable with a PDF icon. At the time of this writing, the file is detected by 4/51 vendors on VirusTotal. Malwarebytes Anti-Malware detects the file as Spyware.ZeuS.
Be on the lookout for this spam, and always verify the sender of an e-mail before opening any attachment. Even then, it still may not be safe if the sender is known and his or her account was compromised.
4/11: UPS instructs users to forward these kind of emails to fraud@ups.com
@Malwarebytes Thanks for letting us know! If you receive any, please forward to fraud@ups.com. ^RN @UPS cc: @joshcannell
— UPS Customer Support (@UPSHelp) April 10, 2014
Joshua Cannell is a Malware Intelligence Analyst at Malwarebytes where he performs research and malware analysis. Twitter: @joshcannell
