first was from “tracking.support@ups.com”
second and third were from “service@ups.com”
fourth from “shipping@dhl.com”

subjects were same for the first 3 mails i.e. UPS Manager (with some varying names)
but for the fourth one it was, DHL Manager (with a name)

and the mail body contained the following for all 4 mails

Hello!

The courier company was not able to deliver your parcel by your address.
Cause: Error in shipping address.

You may pickup the parcel at our post office personaly!

Please attention!
The shipping label is attached to this e-mail.
Please print this label to get this package at our post office.

Please do not reply to this e-mail, it is an unmonitored mailbox.

Thank you.
United Parcel Service.

happy to see my AVG Free has detected the threat in the email itself with the following certification

Viruses found in the attached files.
The file UPS_invoice _Nr34678.zip: Virus found FakeAlert. The attachment was moved to the Virus Vault.

but i wonder why avg did not detect the first 2 emails, why it detected only the third and fourth email, when all 4 emails were same
and one more thing i updated my avg after i received the first 2 mails, so is it because of the update it detected the 3rd and the 4th mail, but the virus is 1 year old

Hello, Thank you for using our new service “Buy flight ticket Online” on our website.
Your account has been created:
Your login: Info
Your password: passSJZK
Your credit card has been charged for $438.88.
We would like to remind you that whenever you order tickets on our website you get a discount of 10%! Attached to this message is the purchase Invoice and the airplane ticket.
To use your ticket, simply print it on a color printed, and you are set to take off for the journey!

Kind regards,
Harris Rosas
Midwest Airlines

As with the Customs Tax Bill variant, the similarity of the wording was a bit of a red flag, but the approach here is slightly different. By telling people some money has been charged to their credit card it makes people worry they have been a victim of identity theft, or at the very least their card details have been stolen and used. This is more likely to trigger them to see what is in the invoice, hoping to identify who has done this.
The executable in the attached E-ticket_N7399294.zip seems to be another ZBot variant (or whatever name is popular for it this week).

In theory many of the main antivirus vendors do host such information – Network Associates Inc has a Virus Information Library at vil.nai.com, but that was a few days behind, along with everyone else, it seems. I would always suggest checking the site of the company you use for your antivirus software, whether online or installed software, free or paid for. That way you get an idea not just what the threat is, but whether your chosen solution is protecting you yet.

However in the last 5 days I have received several (up to 6) each day – some as before; from “UPS” and others from Customs, and just in the last two days pretending to be from Continental Airlines re e-tickets (no I had not ordered any tickets). They all have attachments, but I have just deleted them without even reading the message.

Interestingly there still seems to be very little info on the web generally about this problem.

Is there anywhere, other than this site, where this information could be available to everyone?

This UPS email is really on wild for last couple of days. the UPS_Invoice attachment install couple trozans and downloaded on your system and then the downloaded downloads more trozans. the first thing happens when you click on the attachment is it install a rootkit into kernel and hide itself from WIndows API and it disables your antivirus as soon as it is executed.

I work for SYmantec and so far there is 400 variants for this threat.

as it disabled the antivirus at the fist go it then downloads some known and unknown trozans which willnot be detected as the antivirus is non-functional already.