OFFICIAL SECURITY BLOG

Beware of Fake UPS Exception E-mails

April 10, 2014 | BY

A spam email claiming to be from UPS is making the rounds.fakeups

As seen in the image above, the e-mail states that a delivery attempt was made and provides a tracking number. The tracking number is real, although it was for a package delivered in February and signed by “DONNA”.

upsdonna

Clicking the tracking number link downloads a zip archive containing an executable with a PDF icon. At the time of this writing, the file is detected by 4/51 vendors on VirusTotal. Malwarebytes Anti-Malware detects the file as Spyware.ZeuS.

Be on the lookout for this spam, and always verify the sender of an e-mail before opening any attachment. Even then, it still may not be safe if the sender is known and his or her account was compromised.

4/11: UPS instructs users to forward these kind of emails to fraud@ups.com

_________________________________________________________________

Joshua Cannell is a Malware Intelligence Analyst at Malwarebytes where he performs research and malware analysis. Twitter: @joshcannell