500% increase in email-attached malware

The UPS name is once again being used to spread vast amounts of email-attached malware. The last week has seen an extraordinary increase – over 5.5 times the average level before the outbreak.

The attack closely resembles the large outbreak reported at the end of March. The graph below illustrates the increase:

There are numerous versions of the email text. Here's an example:

Good afternoon!

Dear Client, Recipient’s address is wrong

Please fill in attached file with right address and resend to your personal manager

With best regards , Your USPS .com Customer Services

These emails also come with a range of subjects such as:

  • USPS Attention 060532
  • USPS: DELIVER CONFIRMATION – FAILED 17592718
  • USPS id. 182407
  • USPS DELIVERY CONFIRMATION 7264145
  • From USPS 4009717
  • Your USPS id. 44531036
  • USPS ATTENTION 44123265

In the previous attack the filenames were quite limited, unlike in this attack. Some examples:

  • ups_NR9Yl2673.zip
  • Ups_NR5pY500268590.zip
  • UPS_NR5Da3052.zip
  • MyUps_NR9hN8574.zip
  • MYUPS_NR5gX736615890.zip
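
The subject lines and attachment names listed above can be turned into a simple mail-filter heuristic. The following is an added example, not code from Commtouch or the original post: the regular expressions are inferred only from the samples shown here, and the function names, the scoring and the constructed test messages are assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Patterns inferred only from the subjects and filenames listed in the post;
# treating them as campaign-wide is an assumption.
SUBJECT_RE = re.compile(r"\bUSPS\b.*\b\d{6,8}\s*$", re.IGNORECASE)
ATTACH_RE = re.compile(r"^(my)?ups_NR\d[A-Za-z]{2}\d+\.zip$", re.IGNORECASE)
UPS_PREFIX_RE = re.compile(r"^(my)?ups_", re.IGNORECASE)

def score_message(raw):
    """Return (score, reasons) for one message given as RFC 5322 text."""
    # policy.default decodes RFC 2047 encoded subjects and filenames.
    msg = message_from_string(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    reasons = []
    if SUBJECT_RE.search(subject):
        reasons.append("subject: USPS plus trailing numeric id")
    if any(ATTACH_RE.match(n) for n in names):
        reasons.append("attachment: ups_NR<id>.zip naming")
    # In the listed samples the subject says USPS but the file says UPS.
    if "usps" in subject.lower() and any(UPS_PREFIX_RE.match(n) for n in names):
        reasons.append("brand mismatch: USPS subject, UPS attachment")
    return len(reasons), reasons

def make_sample(subject, filename):
    """Build a constructed message for testing (not captured traffic)."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("Please fill in attached file with right address")
    # 22-byte empty ZIP archive as harmless placeholder content.
    m.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                     subtype="zip", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    for subj, fname in [("USPS Attention 060532", "ups_NR9Yl2673.zip"),
                        ("Quarterly report 2024", "report.zip")]:
        print(subj, "->", score_message(make_sample(subj, fname)))
```

Because the post notes that filenames vary in this attack, the looser brand-mismatch check is kept separate from the strict filename pattern.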

Author: Avi Turiel, Commtouch.
