Fake UPS notices deliver malware

Cyber crooks have once again resurrected the old UPS spam email campaign in order to deliver their malicious wares to Internet users, warns Webroot’s Dancho Danchev.

As usual, the email takes the form of a notification about a failed delivery:

The spammers equipped the message with UPS’ logos in order to create lend some degree of credibility to it but, unfortunately, a click on the “Print a shipping Label” button will take the victims to a compromised website serving what seems to be a label (Label_Copy_UPS.zip), but what actually is a downloader Trojan.

The good news is that the Trojan has a very high detection rate. Still, users should train themselves not to instinctively follow links or download files from unsolicited emails – no matter what the message says or how it makes them feel.