MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email. The messages pose as a notice about delivery issues with a parcel forwarded by USPS and use subjects like:
Delivery information contains at the postal label
Delivery status is required urgent confirmation
Please download your USPS Label
Postal label contains detailed information
Print USPS Postal Label #ID56279
USPS Postal Notification
USPS Service# Get your parcel ID68906
USPS Tracking Number #ID60805
Your USPS Postal Label is available #Order ID 2110
The email is sent from the spoofed address “USPS Mail Service <firstname.lastname@example.org>” and has the following body:
We couldn’t deliver your parcel.
Reason Fee isn’t paid.
STATUS OF YOUR PARCEL: not delivered
SERVICE: Express Shipping
ITEM NUMBER:U642955251 NU
Postal label is enclosed to the letter.
Print your label and show it in the nearest post office of USPS
Information in brief:
If the parcel isn’t received within 30 working days our company will have the right to claim compensation from you for it’s keeping in the amount of $16.41 for each day of keeping of it.
You can find the information about the procedure and conditions of parcels keeping in the nearest office.
USPS Customer Services.
The attached ZIP file is named Label_Details_USPS_Tracking_ID36920.zip and contains the 61 kB file USPS_Print_Label.exe.
The trojan is known as Suspicious file (Panda).
At the time of writing, only 1 of the 42 AV engines detected the trojan at Virus Total.
Virus Total permalink and SHA256: 6a843aad3e39c1868b4e9f37d829b756d903fc004dc0600351f59fc3cca6606a.
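
With only 1 of 42 engines detecting the file, a structural check at the mail gateway is more dependable than signatures. The following is an added example, not part of the original post: it flags a message whose ZIP attachment contains an executable, notes whether the subject matches the lure keywords, and compares hashes with the SHA256 above. The function names, the extension list and the size cap are assumptions made for this example, and the sample message is constructed with harmless placeholder bytes.

```python
import hashlib
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# SHA256 from the post; it does not say whether this is the ZIP or the EXE, so both are checked.
KNOWN_SHA256 = {"6a843aad3e39c1868b4e9f37d829b756d903fc004dc0600351f59fc3cca6606a"}
# Keywords common to the subject lines listed in the post.
SUBJECT_RE = re.compile(r"\bUSPS\b|postal label", re.IGNORECASE)
EXEC_EXT = (".exe", ".scr", ".pif", ".com")  # assumption: illustrative extension list
MAX_MEMBER = 10_000_000  # assumption: skip hashing archive members larger than this

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def inspect_message(raw: bytes) -> dict:
    """Report lure subject, executables inside ZIP attachments, and known-hash hits."""
    msg = message_from_bytes(raw, policy=policy.default)
    result = {"subject_lure": bool(SUBJECT_RE.search(msg["Subject"] or "")),
              "exe_in_zip": [], "known_hash": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if sha256(data) in KNOWN_SHA256:
            result["known_hash"].append(name)
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.filename.lower().endswith(EXEC_EXT):
                    continue
                result["exe_in_zip"].append((name, info.filename))
                if info.file_size <= MAX_MEMBER and sha256(zf.read(info)) in KNOWN_SHA256:
                    result["known_hash"].append(info.filename)
    return result

def build_sample() -> bytes:
    """Constructed message: harmless placeholder bytes stand in for the executable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("USPS_Print_Label.exe", b"constructed placeholder, not a real binary")
    msg = EmailMessage()
    msg["Subject"] = "USPS Postal Notification"
    msg.set_content("We couldn't deliver your parcel.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Label_Details_USPS_Tracking_ID36920.zip")
    return msg.as_bytes()
```

The executable-inside-ZIP finding is the signal to quarantine on; the subject match and the hash comparison only add context, since subjects and file hashes change from one run of a campaign to the next.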