Antivirus vendor Sophos via their SophosLabs "Naked Security" blog is bringing news of a massive trojan spam campaign that ties in postal mail delivery--or lack thereof--with an trojan-bearing email. Here's the scoop:
By using a variety of clever subject lines the spams lead people to believe they've missed a package delivery from the USPS or Royal Mail, and so the spammers trick unsuspecting people into opening their malicious trojan-containing email.
Data on this trojan is inconclusive, but right now according to Sophos:
Detection data is also inconclusive and industry-wide detections appear to be hit-or-miss on this with the following software detections:Contained inside the ZIP file is a Trojan horse, detected by Sophos products proactively as Mal/Bredo-Q.
Here are a couple of samples of these emails. (Thanks and credit to Graham Cluley of SophosLabs for these.)
...and a sample of the Royal Mail fake: