Cybercriminals impersonate UPS, serve malware


By Dancho Danchev

Cybercriminals are currently mass mailing millions of emails impersonating the United Parcel Service (UPS) in an attempt to trick users into downloading and executing the malicious file hosted on a compromised web site.

More details:

Sample screenshot of the spamvertised email:

Spamvertised URL: hxxp://buzzstar.co.uk/JUVNEFNQVI.htm

Actual download location of the malicious archive: hxxp://buzzstar.co.uk/Label_Copy_UPS.zip

The malware has a MD5: b702590c01f76f02e2d8d98833d1c95f – detected by 36 out of 42 antivirus scanners as Trojan-Downloader.Win32.Kuluoz.z; TrojanDownloader:Win32/Kuluoz.B

Webroot SecureAnywhere users are proactively protected from this threat.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.

6 thoughts on “Cybercriminals impersonate UPS, serve malware

  1. My wife received this hoax email and forwarded it to me to check on it (since we’ve mailed through UPS recently). Luckily, my browser would not let me select the ‘Print Label’ button..warned me that it would attempt to download a suspect or malicious file. Not sure if Webroot was behind the warning..but I was saved.

  2. Pingback: Cybercriminals impersonate UPS, serve client-side exploits and malware « Webroot Threat Blog – Internet Security Threat Updates from Around the World

  3. Pingback: ‘Your UPS Invoice is Ready’ themed emails serve malware « Webroot Threat Blog – Internet Security Threat Updates from Around the World

  4. Pingback: USPS ‘Postal Notification’ themed emails lead to malware « Webroot Threat Blog – Internet Security Threat Updates from Around the World

Join the Conversation

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s