UPS™ delivery problem

One of the latest malware distribution campaigns, relying on a medium size spam wave, features the abusive use of the delivery company's name to trick the users into downloading and compromising their systems.

The unsolicited message informs the customers that UPS^TM was not able to deliver an alleged package sent several months ago. The message also asks the recipients to download the invoice copy in order to retrieve the bundle. However, the attached archive does not hold the supposed invoice, but an extremely dangerous piece of malware, known as Trojan.Downloader.Bredolab.AM.

Upon penetrating an unprotected system, this Trojan infiltrates a .DLL file within the \SYSTEM32 folder of Microsoft® Windows® operating system, while also altering several registry keys settings, especially those pertaining to Internet Explorer®. Bredolab's purpose is to monitor user's activity, including transmittal of sensitive data, which it steals and sends towards an address registered on a .ru domain.

Few words of advice: do not open e-mails and e-mail attachments from senders you do not know and do install and activate a reliable spam filter and antimalware solution, unless you want to lose your work, money and (on-line) private life.