Malicious spammers are sending fake UPS (United Parcel Service) invoices to unsuspecting recipients, forcing them to download malicious components from the web.
The e-mail suggests that UPS could not deliver a package that was supposedly sent to a wrong address. It asks the recipient to print an invoice and go to a UPS office to collect the package, according to security experts at Marshal.
Phil Hay, lead threat analyst for Marshal's Trace team, said, "For the unwary or uninitiated, the message appears to come from UPS."
When the attachment is opened, a program is installed that allows more malicious content to be downloaded. What appears to be an innocent Microsoft Word icon is actually a Zip file, which hides the malicious files from e-mail filters.
"The message itself is full of mistakes and poor grammar which gives away its authenticity. The subject also misspells the word 'packet' and the message provides no contact addresses," added Hay.