UPS Spam is Trojan-Spy.Zbot.YETH
Monday November 10, 2008
New malware is being spammed in an email masquerading as a notice from UPS (United Parcel Service). The email subject line reads "Your Tracking # 8773004563" and the message makes the following bogus claim:
Sorry, we were not able to deliver postal package you sent on October the 19th in time because the recipient’s address is not correct. Please print out the invoice copy attached and collect the package at our office. If you do not receive package in ten days you will have to pay 6$ per day.
Your UPS

The attached file is named "UPSINVOICE_87612.zip". Inside the zip file is an executable named "UPSINVOICE_87612.exe" with an icon poorly disguised as a Microsoft Word document. By default, Windows hides file extensions, so if you've never changed that setting, this simple trick could fool you.

The alleged "invoice" isn't an invoice at all. According to ThreatExpert analysis, opening the file installs a rootkit-enabled banking trojan on your system. At the time of the spamming, detection among antivirus vendors was almost non-existent, and the rootkit capabilities could mask its presence even after signature updates are applied.

Simple steps can help you avoid being fooled by Trojan-Spy.Zbot.YETH and others like it. Make sure you have file extension viewing enabled and never open attachments received unexpectedly. To help ferret out malware hidden by rootkits, use one of these free rootkit detectors.
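The attachment trick described above (a program inside a zip, relying on a document icon and hidden extensions) can be caught before anyone opens the archive. The following is an added example, not part of the original post: a Python check that lists a zip's members and flags anything that would run on double-click. The extension lists are assumptions and not exhaustive, and the sample archive is constructed with harmless placeholder bytes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs on double-click (assumed common subset).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
# Document extensions commonly used as a decoy in front of the real one.
DECOY_EXTS = {".doc", ".docx", ".pdf", ".xls", ".txt", ".jpg"}


def inspect_zip(data: bytes) -> list:
    """Return one finding per archive member that needs a closer look."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            suffixes = [s.strip().lower() for s in PurePosixPath(info.filename).suffixes]
            last = suffixes[-1] if suffixes else ""
            reasons = []
            if last in EXECUTABLE_EXTS:
                reasons.append("executable extension " + last)
                # "invoice.doc.exe" is listed as "invoice.doc" when extensions are hidden.
                if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
                    reasons.append("decoy extension " + suffixes[-2])
            if info.flag_bits & 0x1:
                reasons.append("encrypted member, content not inspected")
            else:
                with zf.open(info) as fh:
                    if fh.read(2) == b"MZ" and last not in EXECUTABLE_EXTS:
                        reasons.append("MZ header behind non-executable extension")
            if reasons:
                findings.append({"member": info.filename, "reasons": reasons})
    return findings


def build_sample() -> bytes:
    """Constructed archive: placeholder bytes only, file name taken from the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("UPSINVOICE_87612.exe", b"MZ placeholder, not a real program")
        zf.writestr("notes.txt", b"plain text")
        zf.writestr("photo.jpg", b"MZ placeholder with an image name")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_zip(build_sample()):
        print(finding["member"], "->", "; ".join(finding["reasons"]))
```

The check works on names and the first two bytes only, so it complements antivirus scanning of the attachment and does not replace it.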

