Hackers are using emails that claim to be a delivery notice for a parcel and an attached label as a way of spreading viruses, says Webroot.
The security firm revealed that the social engineering ruse has been designed to nail someone who isn't paying close attention, with a .zip file attachment that contains an executable disguised with an Excel file icon.
The text of the email tells the recipient to open the attachment to print a shipping label (one big clue that this is a scam).
Andrew Brandt makes the good point that changing the default Windows behavior to show file extensions can help thwart the common trick of using a fake document icon to disguise an executable file, assuming that the attached file made it through your anti-spam and antivirus programs. You'd have the chance to see that the supposed Excel file ended in .exe.
In XP, as Brandt describes, change that by opening Explorer, clicking Tools up top, and then unchecking 'Hide extensions for known file types'. In Vista, start with Organise, then choose Folder and Search options.
For either Vista or XP, be sure to click the ‘Apply to Folders' button to apply the change to all folder, not just the one you're looking at.
The attachment in this attack jams three different pieces of malware into the .zip file, which makes for good odds that at least some of the antivirus scanning engines used at Virustotal would catch them.