We are seeing a rise in scam emails posing as tracking notifications from the US-based delivery company United Parcel Service. The mail pretends to be from UPS and has the subject line "Delivery problem".
It notifies the user… We failed to deliver the postal package sent on such-and-such date… in time because the recipient's address is wrong. Please print out the invoice copy attached and collect the package at our department. This message is sent as a JPG image in the mail.
The mail carries an attached zip file (in our observation, the file is around 30 KB). When the user extracts this zip file, it yields an .exe file, “UPSInvoice.exe”, with an icon that looks like a Word document. When the file is opened, it installs the rogue security software Antimalware Doctor.
Once installed, Antimalware Doctor performs a fake scan of your computer and states that you have a malware infection and that these infections will be removed after you purchase the full version of the software. Antimalware Doctor then attempts to procure your financial information under the guise of an infection.
Quick Heal detects the downloader Trojan as Trojandownloader.Katusha and the rogueware as FraudTool.AM-Doctor.
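
The attachment pattern described above (a zip whose payload is an executable such as UPSInvoice.exe) can be checked before the mail reaches a user. The following Python sketch is an added example, not part of the original post or Quick Heal's detection logic; the sample message, the addresses, the `invoice.zip` attachment name, the extension list and the function names are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Extensions Windows runs directly; an assumed, non-exhaustive list.
EXEC_EXTS = {".exe", ".scr", ".pif", ".com"}

def build_sample_message(member="UPSInvoice.exe"):
    """Constructed sample mail: a zip attachment holding a harmless 64-byte stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member, b"MZ" + b"\x00" * 62)
    msg = EmailMessage()
    msg["Subject"] = "Delivery problem"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("Please print out the attached invoice copy.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()

def executables_in_zip_attachments(raw):
    """Return (attachment, member, reason) for each executable inside a zip part."""
    findings = []
    for part in message_from_bytes(raw).walk():
        payload = part.get_payload(decode=True)
        if not payload or not payload.startswith(b"PK"):
            continue  # not a zip (checked by magic bytes, not by filename)
        try:
            zf = zipfile.ZipFile(io.BytesIO(payload))
        except zipfile.BadZipFile:
            continue
        for info in zf.infolist():
            ext = "." + info.filename.lower().rpartition(".")[2]
            magic = b""
            if not info.is_dir() and not info.flag_bits & 0x1:  # skip encrypted
                with zf.open(info) as fh:
                    magic = fh.read(2)
            if ext in EXEC_EXTS:
                findings.append((part.get_filename(), info.filename, "executable extension"))
            elif magic == b"MZ":  # renamed executable, caught by its DOS header
                findings.append((part.get_filename(), info.filename, "MZ header"))
    return findings

if __name__ == "__main__":
    for finding in executables_in_zip_attachments(build_sample_message()):
        print(finding)
```

The check relies on the archive contents rather than the icon, since the icon is exactly what this sample uses to look like a document.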