The UPS name is once again being used to spread vast amounts of email-attached malware. The last week has seen an extraordinary increase – over 5.5 times the average level before the outbreak. The attack closely resembles the large outbreak reported on at the end of March.
There are numerous versions of the email text – some examples:
Good afternoon!
Dear Client , Recipient’s address is wrong
Please fill in attached file with right address and resend to your personal manager
With best regards , Your USPS .com Customer Services

Good afternoon!
Dear User , Delivery Confirmation: FAILED
Please print out the invoice copy attached and collect the package at our department
With respect to you , Your UPS Services

GOOD AFTERNOON!
Dear Client , We were not able to delivery the postal package
Please fill in attached file with right address and resend to your personal manager
With Respect , Your UPS .COM

ATTENTION!
DEAR CLIENT , RECIPIENT’S ADDRESS IS WRONG
PLEASE PRINT OUT THE INVOICE COPY ATTACHED AND COLLECT THE PACKAGE AT OUR DEPARTMENT
With best wishes , Your USPS .us Customer Services
These emails also come with a range of subjects such as:
- USPS Attention 060532
- USPS: DELIVER CONFIRMATION – FAILED 17592718
- USPS id. 182407
- USPS DELIVERY CONFIRMATION 7264145
- From USPS 4009717
- Your USPS id. 44531036
- USPS ATTENTION 44123265
In the previous attack the filenames were quite limited, unlike in this attack. Some examples:
- “ups_NR9Yl2673.zip”
- “Ups_NR5pY500268590.zip”
- “UPS_NR5Da3052.zip”
- “MyUps_NR9hN8574.zip”
- “MYUPS_NR5gX736615890.zip”
Reminder: In the last series of attacks the subjects were changed to use the DHL brand a few days after the initial attack.
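The subjects and attachment names listed above share a recognisable shape, which a mail gateway can screen for. The following is an added example, not part of the original report: the two regular expressions are generalised from the samples on this page (an assumption about how the campaign varies them), and `classify`, the verdict names and the sample messages are constructed for illustration.

```python
import re

# Assumption: subjects keep a courier brand followed by a trailing 6-8 digit ID,
# and attachments keep the "[My]Ups_NR<digit><2 letters><digits>.zip" stem.
SUBJECT_RE = re.compile(r"\b(?:USPS|UPS)\b.*\b\d{6,8}\s*$", re.IGNORECASE | re.ASCII)
ATTACH_RE = re.compile(r"^(?:my)?ups_NR\d[a-z]{2}\d+\.zip$", re.IGNORECASE | re.ASCII)


def classify(subject, attachments):
    """Return 'block', 'quarantine' or 'pass' for one message.

    block      - an attachment name matches the campaign's filename shape
    quarantine - courier-style subject plus any .zip attachment
    pass       - neither signal is present
    """
    names = [a.strip() for a in attachments]
    if any(ATTACH_RE.match(n) for n in names):
        return "block"
    has_zip = any(n.lower().endswith(".zip") for n in names)
    if has_zip and SUBJECT_RE.search(subject.strip()):
        return "quarantine"
    return "pass"


# Constructed messages: subjects and filenames from this page paired arbitrarily,
# plus constructed benign mail to show what the rules leave alone.
SAMPLES = [
    ("USPS Attention 060532", ["ups_NR9Yl2673.zip"]),
    ("USPS: DELIVER CONFIRMATION – FAILED 17592718", ["label.zip"]),
    ("Your USPS id. 44531036", []),
    ("Quarterly report", ["report.zip"]),
    ("UPS Update: Package Scheduled for Delivery Tomorrow", ["notice.pdf"]),
]

if __name__ == "__main__":
    for subject, attachments in SAMPLES:
        print(f"{classify(subject, attachments):10} {subject!r} {attachments}")
```

If the subjects switch to another brand, as they did with DHL in the last series, the brand alternation in `SUBJECT_RE` has to be extended to keep the quarantine rule effective.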