The first one I have a feeling might trick a few people. It claims to be from the iTunes Store..

From: iTunes Store [certificate@itunes.com]
Subject: Thank you for buying iTunes Gift Certificate!

Hello!

You have received an iTunes Gift Certificate in the amount of $50.00 You can find your certificate code in attachment below.

Then you need to open iTunes. Once you verify your account, $50.00 will be credited to your account, so you can start buying music, games, video right away.

iTunes Store.

The payload is in the attachment iTunes_certificate_497.zip which contains the file iTunes_certificate_497.exe
ESET NOD32 identifies this as Win32/Oficla.GT trojan

Next up, are 3 variations of the, we missed you and couldn’t deliver something scam.

From: DHL Support Kimberly Parsons [delivery@dhl-usa.com]
Subject: DHL delivery problem Nr22755.

Hello!

We were not able to deliver the postal package sent on the 8th of March in time because the addressee’s address is not correct.
Please print out the invoice copy attached and collect the package at our department.

DHL Customer Services.

From: DHL Manager Javier Stratton [courier@dhl-usa.com]
Subject: DHL delivery problem Nr00684.

Dear customer!

We were not able to deliver the postal package which was sent on the 21st of February in time because the addressee’s address is wrong.
Please print out the invoice copy attached and collect the package at our office.

DHL Express Services.

From: Service Manager Chandra Morales [manager@ups.com]
Subject: UPS Delivery Problem NR 52979.

Dear customer!

We failed to deliver postal package which was sent on the 15th of February in time because the recipient’s address is erroneous.
Please print out the invoice copy attached and collect the package at our department.

DHL Customer Services.

The attachments for these were:
DHL_invoice_6817.zip which is Win32/Oficla.GQ trojan
DHL_invoice_2817.zip which also is Win32/Oficla.GQ trojan
UPS_invoice_5978.zip – which is a variant of Win32/Injector.BNG trojan

Remember to keep an eye out for fake Mother’s day scams too.

Subject 4912-3337 Apple AppStore Confirmation
Sender Apple Up-To-Date Add contact

Apple Store
Call 1-800-MY-APPLE

#4368-66525
Order Details

You can also contact Apple Store Customer Service or visit online for more information.

Visit the Apple Online Store to purchase Apple hardware, software, and third-party accessories.
Copyright 2010 Apple Inc. All rights reserved.

This one wants you to click on the order details link, which I have removed, but if you look at the “Order Details” link more closely, you will see that it doesn’t go to the apple store but links to some place called goofbomb. I don’t feel like testing out my anti-virus or risk getting a 0-day virus or some malware, let’s just assume it’s a bad place. So keep your eyes out for this and other e-mails that claim you have purchased something, or missed a delivery, and gives you a link to your “order” or has an attachment for you to open. Quite a few of these going around these days.

Surf Safe

First we have this one from “UPS”

From: UPS Manager Romeo Law [delivery@ups.com]

Subject:  UPS Delivery Problem NR 08488.

Dear customer!

We failed to deliver the package sent on the 6th of January in time because the recipient’s address is incorrect.

Please print out the invoice copy attached and collect the package at our office.

United Parcel Service of America.

Dear customer!
We failed to deliver the package sent on the 6th of January in time

because the recipient’s address is incorrect.Please print out the invoice copy attached and collect the package at our office.
United Parcel Service of America.

attachment: UPS_invoice_NR34587.zip

NOD32 identifies the virus in this attachment as virus Win32/Oficla.CX trojan. A couple of ways you can tell this is fake, besides the attached virus are; why would UPS wait a couple of weeks to notify you of this? Do they really sign their e-mail United Parcel Service of America? They tell you to pick it up at the office but there is no address or contact info for the office. Just thought I’d point this out.

Next we have one from DHL:

From: Manager Gabrielle Bird [customer@dhl.com]

Subject: DHL Office. Get your parcel NR.4486

Hello!

The courier service was not able to deliver your parcel at your address.

Cause: Mistake in address

You may pickup the parcel at our post office personally.

The delivery advice is attached to this e-mail.
Print this label to get this package at our post office.

Please do not reply to this e-mail, it is an unmonitored mailbox!

Thank you,
DHL Global Forwarding Services.

attachments: DHL_label_Nr2385.zip > ZIP > DHL_label_Nr2385.exe

ESET-NOD32 Identifies the virus in this attachment as Win32/TrojanDownloader.Bredolab.BE trojan

In case you don’t know this already, never run an .exe file you get in e-mail. Nothing good ever comes from running an .exe you received in e-mail.

Watch out for these or variants of them.