
Infected attachments in UPS spam emails


The following is an email that pretends to come from UPS, using a technique called e-mail spoofing (impersonation of an email address). You can probably identify it as fake quite easily, but I assure you that many users rush like kamikazes to open this kind of attachment:

The message asks the recipient to fill out an attached form with a postal address, because an alleged package could not be delivered. The attachment is actually some kind of malware that seeks to infect the computer.

Although Hotmail classifies it as spam, it should be noted that all the links point to the legitimate UPS site and the design is quite convincing. With these details in mind, a user could feel confident enough to download the attachment and open it, even without expecting any delivery from the company. This is social engineering at its simplest.

The good thing in this case is that, when trying to download it, the webmail antivirus detects it and blocks it. But if this does not happen and the resident antivirus does not warn of the danger, the computer will be infected:

In the vast majority of cases these alleged forms are Trojans or manipulated documents that, when opened, look for vulnerabilities in the background in order to download malware covertly.

The following is another example, similar to the previous one, in which the file could be downloaded:

Inside the .zip archive is a Trojan, Invoice_N8838293984.exe (VT 23/42), that poses as a Word document and could easily fool anyone who does not have file extensions displayed:

It is not a Word document. It is an .EXE
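
A mail filter can catch this case without depending on an antivirus signature, by looking inside the .zip for members that Windows would execute. The following is an added example, not part of the original post; the function names, the extension list and the sample archive (apart from the file name Invoice_N8838293984.exe) are assumptions, and it covers other executable extensions beyond the .exe shown above.

```python
import io
import os
import zipfile

# Extensions Windows executes on double-click (assumed list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def suspicious_entries(zip_bytes):
    """Return (member name, [reasons]) for members that look executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reasons = []
            # Windows ignores trailing dots and spaces, so strip them first.
            ext = os.path.splitext(info.filename.rstrip(" ."))[1].lower()
            if ext in EXECUTABLE_EXTS:
                reasons.append("executable extension " + ext)
            # Bit 0 of the flags marks an encrypted member: name visible, content not.
            if not info.flag_bits & 0x1:
                with archive.open(info) as member:
                    if member.read(2) == b"MZ":  # DOS/PE magic bytes
                        reasons.append("MZ header")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample_zip():
    """Constructed sample archive: harmless placeholder bytes, no real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Invoice_N8838293984.exe", b"MZ" + b"\x00" * 62)
        archive.writestr("Invoice.doc.scr", b"placeholder")
        archive.writestr("readme.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in suspicious_entries(build_sample_zip()):
        print("BLOCK", name, "->", ", ".join(reasons))
```

The check works on the member's real name and first bytes, so the Word icon and hidden extensions that fool the user have no effect on it.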

There are also other variants of these fake emails: some request personal information in order to send more spam later, and others ask for prepayment of some tax in order to receive a package of great value. In any case, with common sense and caution, these deceptions can be avoided … you should not be fooled by appearances and, when in doubt, it is best to seek information or ask someone.