Wednesday, October 24, 2012

Trojan Tags Along in "Your UPS Invoice is Ready" Spam

UPS LogoSpammers are once again sending out fake UPS notices in hopes of tricking recipients into downloading malware onto their computer.

The emails, titled “Your UPS Invoice is Ready” have spoofed headers to make it appear as though it came from a ups.com email address and urge the user to download the attached file to view and pay their new UPS invoice.

UPS Spam
From: UPSBilling (RosannahColleen4g@ups.com)
Subject: Your UPS Invoice is Ready

UPS

This is an automatically generated email. Please do not reply to this email address.

Dear UPS Customer,

New invoice(s) are available for the consolidated payment plan(s) / account(s) enrolled in the UPS Billing Center
Please view UPS Billing Center attach document to view and pay your invoice.

(c) 2012 United Parcel Service of America, Inc. UPS, the UPS brandmark, and the color brown are trademarks of United Parcel Service of America, Inc. All rights reserved.

For more information on UPS's privacy practices, refer to the UPS Privacy Policy.
Please do not reply directly to this e-mail. UPS will not receive any reply message.
For questions or comments, visit Contact UPS.

This communication contains proprietary information and may be confidential. If you are not the intended recipient, the reading, copying, disclosure or other use of the contents of this e-mail is strictly prohibited and you are instructed to please delete this e-mail immediately.

Don't be fooled, though. The attached file (“UPS document.zip”) contains a variant of the Win32/Injector.XYG Trojan, not a copy of your UPS invoice. So do NOT download or open it!

Instead, it is recommended that you:

  • Report the email to UPS by forwarding the email and its full headers to fraud@ups.com.

  • Delete the email immediately.


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

No comments:

Post a Comment