Malicious spammers are sending fake
UPS (United Parcel Services) invoices to unsuspecting
recipients forcing them to downloading malicious components from
the web.
The e-mail suggests that UPS could not deliver a package
supposedly sent to a wrong address. It asks the recipient to print
an invoice and go to a UPS office to collect the package, said
security experts Marshal.
Phil Hay lead threat analyst for Marshal's
Trace team said, "For
the unwary or uninitiated, the message appears to come from
UPS."
When this attachment is opened, a program installs which allows
downloading of more malicious content. This opens up a seemingly
innocent Microsoft Word icon which is actually is a Zip file which
hides the malicious files from the e-mail filters.
"The message itself is full of mistakes and poor grammar which
gives away its authenticity. The subject also misspells the word
'packet' and the message provides no contact addresses," added
Hay.
Malicious spam triples in a week >>