UPX can also be used for protection by developers. A benefit is that a checksum of both the compressed and uncompressed file is maintained internally.
Malcreants however can layer it with other inner packing to mislead analysts and victims alike, seemingly meaningless dead closed jump code is found, but the malcode when running knows how to jump that.
So the story is not that easily told as it is being presented. We have an abominable clever opponent in the malcrean. This is an interesting read on the subject from the Norman blog:
http://blogs.norman.com/2011/malware-detection-team/relations-between-spammed-malwareThis link's article author = Snorre Fagerland, Principal Security Researcher in the Malware Detection Team (MDT) at Norman's. Discussed a.o is. outer layer of UPX packing; inner packer is [P1],
polonus