Spamvertised DHL notifications lead to malware

Summary:A currently ongoing malware campaign is brand-jacking DHL for malware-serving purposes.

A currently ongoing malware campaign is brand-jacking DHL for malware-serving purposes. The spamvertised emails arrive as DHL Notification using DHL_tracking.zip; doc.zip; document.zip file names.

Sample message:Dear customer! The parcel was send your home address. And it will arrice within 7 bussness day. More information and the tracking number are attached in document below. Thank you. 2011 DHL International GmbH. All rights reserverd.

Upon execution the SpyEye crimeware campaign phones back to multiple URLs aiming to obtain additional modules for sniffing FTP credentials off malware-infected hosts.

Detection rates for the malware; DHL_notification.exe; doc.exe; DHL_tracking.exe

Topics: Malware, Security

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.