New WSF malware with subject “Emailing: Label” from UPS

MX Lab,, started to intercept a new malware distribution campaign by email with the subject “Emailing: Label”.

This fake email is send from the spoofed addresses  in the format *******”, giving an impression that the email is from UPS, and has the following body:

Good afternoon

The office printer is having problems so I’ve had to email the UPS label, sorry for the inconvenience.


Erwin farquhar

The attached file contains the file 556275730809.wsf which is a Windows Script File document.

The malware is detected by 4/55 AV engines at Virus Total and the analysis is available on Malwr.