Spamvertised United Parcel Service notifications lead to malware

A currently spamvertised campaign is brand-jacking United Parcel Service (UPS) for malware-serving purposes.

A currently spamvertised campaign is brand-jacking United Parcel Service (UPS) for malware-serving purposes.

Sample subject: United Parcel Service notification

Sample attachments: UPSnotify.rar; UPSnotify.exe

Sample message: Dear customer. The parcel was sent your home address. And it will arrive within 7 business day. More information and the tracking number are attached in document below. Thank you. © 1994-2011 United Parcel Service of America, Inc.

Upon execution the malware (UPSnotify.exe) downloads additional binaries including a scareware variant. Users are advised to avoid interacting with suspicious attachments.