Spamvertised DHL notifications lead to malware

Summary: A currently ongoing malware campaign is brand-jacking DHL for malware-serving purposes.

TOPICS: Malware, Security

A currently ongoing malware campaign is brand-jacking DHL for malware-serving purposes. The spamvertised emails arrive as "DHL Notification" messages, with attachments using the file names DHL_tracking.zip, doc.zip and document.zip.

Sample message: "Dear customer! The parcel was send your home address. And it will arrice within 7 bussness day. More information and the tracking number are attached in document below. Thank you. 2011 DHL International GmbH. All rights reserverd."

Upon execution, the SpyEye crimeware phones back to multiple URLs to obtain additional modules for sniffing FTP credentials off malware-infected hosts.

Detection rates for the malware: DHL_notification.exe; doc.exe; DHL_tracking.exe

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback

8 comments
  • RE: Spamvertised DHL notifications lead to malware

    Hey, they found Dancho?! I thought he was MIA for a while...
    ken@...
    • RE: Spamvertised DHL notifications lead to malware

      :)
      www.awwgame.com
      lariosshow
  • RE: Spamvertised DHL notifications lead to malware

    so i get an e-mail from a company i don't mail stuff thru saying there's a package for me i'm not expecting w/ a .zip attachment? and when i open the attachment it's not what i expect and does something bad to my computer?
    darwinism of users.
    bc3tech
  • RE: Spamvertised DHL notifications lead to malware

    So why is DHL calling customers to see if they will be home to receive a pkg. And if they are not going to be home asking them to leave a note on their door saying they are NOT HOME and to leave the pkg.
    What a scam for a burglar.
    I won't even have to get out of my car just drive by and look for the note on the door saying "I'm not home ".
    Whatsreallyinaname
  • RE: Spamvertised DHL notifications lead to malware

    I received one of those stupid things in my junk mail file the other day. The atrociously bad spelling in the letter's text should warn anyone this isn't from some legitimate company. "Your itom has arricced", or something along those lines... was a hoot to read... but open the zip? nope... sorry suckers... better luck next time.
    DigitalAtheist
  • RE: Spamvertised DHL notifications lead to malware

    I got one on the day I was expecting a package from DHL! The lack of tracking links, bad spelling and .zip attachment were a dead giveaway, but for a hot second...
    tracy@...