Beware e-mail messages from UPS

Package delivery company UPS is being used by the bad guys in an attempt to install malicious software.

I have a lot of e-mail addresses and thus attract my fair share of unwanted and malicious e-mail. The latest malware spreading e-mail to land in my in-boxes has purported to be from the package delivery company UPS. Thursday, I received two of these, but there have been other similar messages recently.

As you can see in the picture below, it came with an attached ZIP file.

A malicious email that was not from the UPS package delivery company

ZIP files are commonly used as a container to transmit malicious software. The number in the name of the ZIP file is probably there to evade detection by antivirus software; the numbers were different in the two messages received Thursday.

The ZIP file contained a single EXE called UPSInvoice_997612.exe. I uploaded the file to, where 4 of the 36 antivirus applications detected it as malicious.

As I've noted before: never decide to trust an e-mail message based on the sender. It is very easy to forge the "From" address when sending e-mail.

And, hopefully by now it should go without saying, Windows users should never run an executable file sent by e-mail. Mac and Linux users (including the many new Netbook Linux users) can ignore this warning.

See a summary of all my Defensive Computing postings.

About the author

    Michael Horowitz wrote his first computer program in 1973 and has been a computer nerd ever since. He spent more than 20 years working in an IBM mainframe (MVS) environment. He has worked in the research and development group of a large Wall Street financial company, and has been a technical writer for a mainframe software company.

    He teaches a large range of self-developed classes, the underlying theme being Defensive Computing. Michael is an independent computer consultant, working with small businesses and the self-employed. He can be heard weekly on The Personal Computer Show on WBAI.



    Discuss Beware e-mail messages from UPS

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Articles from CNET
    Uber to spend $1B over nine months for India expansion