As usual, the email takes the form of a notification about a failed delivery:
The spammers equipped the message with UPS' logos in order to create lend some degree of credibility to it but, unfortunately, a click on the "Print a shipping Label" button will take the victims to a compromised website serving what seems to be a label (Label_Copy_UPS.zip), but what actually is a downloader Trojan.
The good news is that the Trojan has a very high detection rate. Still, users should train themselves not to instinctively follow links or download files from unsolicited emails - no matter what the message says or how it makes them feel.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.