Over the past 16 hours, we’ve seen a sharp spike in the number of UPS_Invoice themed malware being run and prevented on systems. We’ve seen this invoice scheme many times before, but to many computer users, the scam still is not familiar. The files often are delivered as .zip attachments, containing a malicious Bredolab downloader or Zbot password stealer. Again, this is the extracted file’s appearance, after it is unzipped and file extensions are not visible (a folder option). Compare it with the screenshot below. the difference is not obvious, unfortunately:
And here is a screenshot with the extensions visible:
Some of the names being used and designed to fool users include…
Be sure to examine the contents of .zip files prior to attempting to open them. We will update this post as more information is available.