United Parcel Service malware attack spreads fake anti-virus

Email inboxes around the world are being spammed today with a malicious attack designed to infect Windows computers with a fake anti-virus attack.

The emails claim to be a notification from United Parcel Service (UPS) that a package is winging its way to your address. The cybercriminals behind the scheme hope that recipients will be intrigued enough to open the attached file, which can infect their computer with malware.

A typical message looks as follows:

Subject: United Parcel Service notification #[number]

Message body:

United Parcel Service
tracking number #[number]

Good morning
Parcel notification

The parcel was sent your home adress.
And it will arrive within 3 buisness days.

More information and the parcel tracking number are attached in document below.

Thank you

United Parcel Service of America (c)
153 James Street, Suite100, Long Beach CA, 90000

Attached file: UPS_Document.zip

Would the spelling mistakes and grammatical errors be enough to ring an alarm bell in your head? Or would the promise of an unexpected parcel being delivered be enough to trick you into opening the attachment?

Sadly you can’t always rely on the bad guys being sloppy with their typing, and some attacks are more professional than others. The fact is that simple social engineering tricks like this can be enough to trick people who really should know better into making the mistake of opening an unsolicited attachment.

And remember this – when someone sends you a parcel, they give the delivery company your snail-mail address. They’re very unlikely to have also given them your email address! So be suspicious of any emails from delivery companies which arrive unexpectedly.

Sophos products detect the malware threat attached to the emails as Mal/FakeAV-LI – a fake anti-virus scam designed to scare you into believing your computer has security problems in order to persuade you to part with your hard-earned cash.

Users of other anti-virus products might be wise to check that their security software detects this threat, as it has been pretty widely spammed out.
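
For mail administrators, the indicators in the sample message above (the subject format and a zip attachment) can be turned into a simple gateway check. This is an added example, not Sophos code; the executable-extension list, the function names and the contents of the constructed test archive are assumptions, since the article does not say what the zip holds.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the sample message on this page.
SUBJECT_RE = re.compile(r"United Parcel Service notification\s*#?\s*\d+", re.I)
# Assumption: extensions a mail gateway would treat as Windows executables.
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")


def lure_reasons(raw: bytes) -> list:
    """Return the reasons a raw RFC 5322 message resembles the parcel lure."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        reasons.append("subject matches parcel-notification pattern")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        reasons.append("archive attachment: " + name)
        data = part.get_payload(decode=True) or b""
        try:
            # List member names only; nothing is extracted or executed.
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if member.lower().endswith(EXEC_EXT):
                        reasons.append("executable inside archive: " + member)
        except zipfile.BadZipFile:
            reasons.append("archive could not be parsed")
    return reasons


def build_sample(member_name: str, subject: str) -> bytes:
    """Constructed test message; the zip holds only placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder, not a real program")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["Subject"] = subject
    msg.set_content("More information and the parcel tracking number are attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="UPS_Document.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    sample = build_sample("document.exe", "United Parcel Service notification #12345")
    print(lure_reasons(sample))
```

A message that collects all three reasons is a strong candidate for quarantine; a zip attachment on its own is common in legitimate mail and should not be blocked on that basis alone.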