The UPS name is once again being used to spread vast amounts of email-attached malware. The last week has seen an extraordinary increase – over 5.5 times the average level before the outbreak. The attack closely resembles the large outbreak reported on at the end of March. The graph below illustrates the increase:
There are numerous versions of the email text – some examples:
Good afternoon!
Dear Client , Recipient’s address is wrong
Please fill in attached file with right address and resend to your personal manager
With best regards , Your USPS .com Customer Services
Good afternoon!
Dear User , Delivery Confirmation: FAILED
Please print out the invoice copy attached and collect the package at our department
With respect to you , Your UPS Services
GOOD AFTERNOON!
Dear Client , We were not able to delivery the postal package
Please fill in attached file with right address and resend to your personal manager
With Respect , Your UPS .COM
ATTENTION!
DEAR CLIENT , RECIPIENT’S ADDRESS IS WRONG
PLEASE PRINT OUT THE INVOICE COPY ATTACHED AND COLLECT THE PACKAGE AT OUR DEPARTMENT
With best wishes , Your USPS .us Customer Services
These emails also come with a range of subjects such as:
- USPS Attention 060532
- USPS: DELIVER CONFIRMATION – FAILED 17592718
- USPS id. 182407
- USPS DELIVERY CONFIRMATION 7264145
- From USPS 4009717
- Your USPS id. 44531036
- USPS ATTENTION 44123265
In the previous attack the filenames were quite limited – unlike this attack – some examples:
- “ups_NR9Yl2673.zip”
- “Ups_NR5pY500268590.zip”
- “UPS_NR5Da3052.zip”
- “MyUps_NR9hN8574.zip”
- “MYUPS_NR5gX736615890.zip”
Reminder: In the last series of attacks the subjects were changed to use the DHL brand a few days after the initial attack.
Leave a reply
