Security thread masquerading as UPS email

Over the past several weeks, virus researchers worldwide have been tracking a high volume of fake emails purporting to come from UPS. These emails include an attachment, with a zip file that includes a malicious executable typically named something like “UPS_Invoice.exe”.

This Trojan was highlighted in a recent article in Security Center Magazine:

The emails typically include text similar to the following:

“From: United Parcel Service
Subject: UPS Tracking Number xxxxxx

Unfortunately we were not able to deliver postal package you sent on July the 1st in time because the recipient’s address is not correct. Please print out the invoice copy attached and collect the package at our office

Your UPS”

Generally, anti-virus engines have been able to keep up with this threat through new definition updates or heuristics. However, ongoing analysis of this Trojan shows that it continues to propagate in the wild due to highly aggressive methods used to evade detection. Test have also seen a marked increase in propagation over the past 24 hours.

Do not open or forward these emails! If your virus software is up to date it should catch them, but that is no guarantee. The best course of action is to be on guard.

I have already received at least one copy of this, so it is out there. If you have any questions, please ask!