Commtouch tracks 500% surge in email malware over last week

According to Commtouch director Avi Turiel, one of the lynchpins of this surging email malware campaign is the infamous UPS 'you have a parcel' message, pushing email malware levels to around 5.5 times the normal weekly level seen in previous weeks, and emulating a surge that the web and messaging security firm tracked in March of this year.

Interestingly, Turiel reports that there are now several variants of the UPS malware email, with a range of subjects, including:

USPS Attention 060532
USPS: DELIVER CONFIRMATION – FAILED 17592718
USPS id. 182407
USPS DELIVERY CONFIRMATION 7264145
From USPS 4009717
Your USPS id. 44531036
USPS ATTENTION 44123265

In parallel with this, the hackers sending the messages also appear to have renamed the attachment which infects users with malware.

It is important to note, says Turiel in his latest security posting, that in the March malware surge the subjects were changed to use the DHL brand a few days into the attack.

As reported back in March, the UPS malware email surge seen then used a series of spoofed headers that appeared to originate from an infojs@ups.com address.

At the time, the Softpedia newswire quoted independent security consultant Dancho Danchev as saying that the threats associated with the March attack include a fake anti-virus, a Gbot backdoor and a variant of W32.Pilleuz which currently has a low detection rate.
