Debunking hoaxes and exposing scams since 2003!

Hoax-Slayer Logo

'Christmas Internet Virus' Warning


Circulating message warns recipients about a new "Christmas Internet Virus" which delivers its payload via files attached to fake "delivery failure" emails claiming to be from UPS, FedEx or USPS.

Christmas Package
© franckito

Brief Analysis

The threat described is genuine. Various types of malware are indeed distributed in the way described, so the core points in the message are worth heeding. Nevertheless, the warning is potentially misleading. Firstly, versions of the malicious emails are distributed continually throughout the year, not just at Christmas time. Secondly, the threat is not new. In fact, it has been around since at least 2008.  And thirdly, the bogus emails use the names of a number of delivery companies, not just UPS, FedEx and USPS.


Subject: Christmas Internet Virus - Beware !
Christmas Internet Virus - Beware !

Something that might keep you safe. Feel this is worth passing along.
With the holidays coming up, I can see where this could be a real problem.
The newest virus circulating is the UPS/Fed Ex/USPS Delivery Failure.
You will receive an e-mail from UPS, Fed Ex, or USPS along with a packet number.

It will say that they were unable to deliver a package sent to you on such-and-such a date.

It then asks you to print out the invoice copy attached.

Pass this warning on to all your PC operators at work and home.
This virus has caused Millions of dollars in damage in the past few days.

Detailed Analysis

This message, which is currently circulating via email and social media posts, warns users to beware of a new "Christmas Internet Virus". According to the message, the virus is distributed via files attached to bogus "delivery failure" emails purporting to be from UPS, FedEx, and USPS. It asks that recipients pass on the information to all PC operators. The specific threat described in the message is real. Fake "package delivery failure" emails are a common and ongoing criminal method of distributing various types of malware. And, as the message suggests, the malware is often hidden in an attached file that masquerades as a delivery invoice that users are instructed to open and print out.

Thus, the core points in the warning are valid and worth heeding.

Unfortunately, however, the message is also potentially misleading. By referring to the threat as a "Christmas Internet Virus", the message strongly implies that it is directly related to Christmas. Because of this supposed Christmas connection, some users may assume that that they need not be concerned about the threat at other times of the year.

But, in fact, the threat is ongoing, and versions of the malware emails described hit inboxes all around the world throughout the year, not just at Christmas time. Of course, people may be a little more susceptible to the bogus emails near Christmas because more packages are sent and expected at that time of year.  But, other than that slight increase in potential susceptibility, the threat has no connection to Christmas whatsoever.

Moreover, the threat described is certainly not new. The very same tactic has been used continually in various forms since at least 2008.

And, while the criminals responsible for these malware campaigns certainly use the names of UPS, FedEx and USPS, they use several other delivery companies as well, including DHL, Australia Post, and the Royal Mail.

It should also be noted that some versions of the scam emails try to trick recipients into visiting a website that contains malware rather than opening an attached file.

Last updated: December 19, 2013
First published: December 19, 2013
By Brett M. Christensen
About Hoax-Slayer

Not Able to Deliver UPS Package Malware Email
FedEx Incorrect Delivery Address Malware Email USPS Malware Emails
DHL Notification Malware Email
Australia Post Undelivered Package Malware Emails
Royal Mail Lost or Missing Package Malware Email
UPS 'Parcel Has Been Found' Malware Email