OFFICIAL SECURITY BLOG
April 10, 2014 | BY Joshua Cannell
As seen in the image above, the e-mail states that a delivery attempt was made and provides a tracking number. The tracking number is real, although it was for a package delivered in February and signed by “DONNA”.
Clicking the tracking number link downloads a zip archive containing an executable with a PDF icon. At the time of this writing, the file is detected by 4/51 vendors on VirusTotal. Malwarebytes Anti-Malware detects the file as Spyware.ZeuS.
Be on the lookout for this spam, and always verify the sender of an e-mail before opening any attachment. Even then, it still may not be safe if the sender is known and his or her account was compromised.
4/11: UPS instructs users to forward these kind of emails to email@example.com
— UPS Customer Support (@UPSHelp) April 10, 2014