Sophos researchers recently came across a spam campaign that poses as a message from the UK's Royal Mail in order to distribute malware.
"The email does have a veneer of legitimacy as the criminals used the Royal Mail logo and spoofed the 'From' email address to seem like the message is coming from the organization," writes Help Net Security's Zeljka Zorz.
According to Sophos, a typical e-mail reads as follows:
Royal Mail Group Shipment Advisoryhttps://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
The following 1 piece(s) have been sent via Royal Mail on Mon, 20 Aug 2012 15:43:14 +0530, REF# 5646597645
SHIPMENT CONTENTS: Documents
SHIPPER REFERENCE: PLEASE REFER TO ATTACHED FILE
ADDITIONAL MESSAGE FROM SHIPPER: PLEASE REFER TO ATTACHED FILE
Royal Mail Group Ltd 2012. All rights reserved
"The cybercriminals who have distributed the attack are hoping that your curiousity will be piqued, and you will be tempted to open the attached ZIP file in the mistaken belief that a parcel is winging its way to you," writes Sophos' Graham Cluley. "Contained within, however, is not a Royal Mail shipping advisory but a file called royal_mail_shipping.exe, detected by Sophos as the Troj/Backdr-HE Trojan horse."