Fake UPS spam distributes Trojan Bredolab
- January 12th, 2010
- Posted in Malware, Spam
In early December I wrote about a fake DHL spam campaign that was found to be distributing Trojan Bredolab. The new spam campaign is very similar to the last one, but this time the messages appear to come from UPS.
Example
Subject: UPS Tracking Number 5845190
“Hello!
The courier company was not able to deliver your parcel by your address.
Cause: Error in shipping address.
You may pickup the parcel at our post office personaly!
Please attention!
The shipping label is attached to this e-mail.
Please print this label to get this package at our post office.
Please do not reply to this e-mail, it is an unmonitored mailbox.
Thank you.
United Parcel Service of America.
[attachment "UPS_invoice_NR12944.zip"]
VirusTotal results for the attachment can be found here. Domains known to be contacted by Trojan Bredolab are listed below.
20091217:http://mmsfoundsystem.ru, 193.104.12.20
20091227:http://preflopp.com, 95.211.8.170
20100105:http://greatmoder.cn, 122.115.63.19
20100108:http://213.108.56.125, 213.108.56.125
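To check whether any internal host has contacted these indicators, the list can be parsed and matched against web proxy logs. The following is an added example, not part of the original post: the proxy log layout, the sample log lines and the choice to also match subdomains of the listed hosts are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicator lines as listed in the post: YYYYMMDD:URL, IP
INDICATORS = """\
20091217:http://mmsfoundsystem.ru, 193.104.12.20
20091227:http://preflopp.com, 95.211.8.170
20100105:http://greatmoder.cn, 122.115.63.19
20100108:http://213.108.56.125, 213.108.56.125
"""
# Constructed proxy log (assumed fields: time client dest_ip method url)
SAMPLE_LOG = """\
2010-01-12T09:14:02 10.0.0.15 95.211.8.170 GET http://preflopp.com/placeholder
2010-01-12T09:14:05 10.0.0.22 193.104.12.20 GET http://example.net/placeholder
2010-01-12T09:16:11 10.0.0.31 192.0.2.44 GET http://www.GreatModer.cn/placeholder
2010-01-12T09:17:00 10.0.0.40 192.0.2.50 GET http://notpreflopp.com/
"""

def parse_indicators(text):
    """Return (hosts, ips) parsed from 'YYYYMMDD:URL, IP' lines."""
    hosts, ips = set(), set()
    for line in text.splitlines():
        m = re.fullmatch(r"\d{8}:(\S+),\s*(\S+)", line.strip())
        if m and urlsplit(m.group(1)).hostname:
            hosts.add(urlsplit(m.group(1)).hostname)
            ips.add(m.group(2))
    return hosts, ips

def host_matches(host, hosts):
    """Exact host or subdomain match; never a substring match."""
    host = (host or "").rstrip(".")
    return any(host == h or host.endswith("." + h) for h in hosts)

def find_hits(log_text, hosts, ips):
    """Return (client, reason) for each log line that touches an indicator."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not fit the assumed format
        _, client, dest_ip, _, url = parts
        host = urlsplit(url).hostname  # urlsplit lowercases the hostname
        if host_matches(host, hosts):
            hits.append((client, "host:" + host))
        elif dest_ip in ips:
            hits.append((client, "ip:" + dest_ip))
    return hits
```

Matching on the destination IP as well as the hostname catches requests that reach a listed address under a different name, while the suffix check keeps look-alike names such as `notpreflopp.com` from producing false hits.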