Zero Day

Ryan Naraine and Dancho Danchev

Spamvertised DHL notifications lead to malware

By Dancho Danchev | March 11, 2011, 5:53am PST

Summary: A currently ongoing malware campaign is brand-jacking DHL for malware-serving purposes.

A currently ongoing malware campaign is brand-jacking DHL for malware-serving purposes. The spamvertised emails arrive as DHL Notification using DHL_tracking.zip; doc.zip; document.zip file names.

Sample message:Dear customer! The parcel was send your home address. And it will arrice within 7 bussness day. More information and the tracking number are attached in document below. Thank you. 2011 DHL International GmbH. All rights reserverd.

Upon execution the SpyEye crimeware campaign phones back to multiple URLs aiming to obtain additional modules for sniffing FTP credentials off malware-infected hosts.

Detection rates for the malware; DHL_notification.exe; doc.exe; DHL_tracking.exe

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Pwn2Own 2011: BlackBerry falls to WebKit browser attack

Microsoft: Pwn2Own flaw already fixed in IE9

Topics

Malware, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Full Bio
Disclosure
Contact

Vendor HotSpot

Here to help you with your Document Management Needs

Read the DocuMentor blog now

Learn More »

Talkback Most Recent of 9 Talkback(s)

Follow via:: RSS; Email Alert

RE: Spamvertised DHL notifications lead to malware

Hey, they found Dancho?! I thought he was MIA for a while...
ken@...
11th Mar
- Reply to
- Flag
RE: Spamvertised DHL notifications lead to malware

www.awwgame.com
lariosshow
14th Mar
- Reply to
- Flag
RE: Spamvertised DHL notifications lead to malware

nice post replica watches
lovedong
13th Sep
- Reply to
- Flag
RE: Spamvertised DHL notifications lead to malware

so i get an e-mail from a company i don't mail stuff thru saying there's a package for me i'm not expecting w/ a .zip attachment? and when i open the attachment it's not what i expect and does something bad to my computer?
darwinism of users.
bc3tech
11th Mar
- Reply to
- Flag
RE: Spamvertised DHL notifications lead to malware

So why is DHL calling customers to see if they will be home to receive a pkg..And if they are not going to be home asking them to leave a note on their door saying they are NOT HOME and to leave the pkg.
What a scam for a burglar.
I won't even have to get out of my car just drive by and look for the note on the door saying "I'm not home ".
Whatsreallyinaname
11th Mar
- Reply to
- Flag
RE: Spamvertised DHL notifications lead to malware

I received on of those stupid things in my junk mail file the other day. the attrociously bad spelling in the letter's text should warn anyone this isn't from some legitimate company. "Your itom has arricced", or something along that lines... was a hoot to read... but open the zip? nope... sorry suckers... beter luck next time.
DigitalAtheist
13th Mar
- Reply to
- Flag
RE: Spamvertised DHL notifications lead to malware

I got one on the day I was expecting a package from DHL! The lack of tracking links, bad spelling and .zip attachment were a dead giveaway, but for a hot second...
tracy@...
14th Apr
- Reply to
- Flag
RE: Spamvertised DHL notifications lead to malware

http://www.52tube.com/
http://www.wctube.com/
http://www.cameporn.com/
http://www.escortbayan9.com/
tamam
myclub
1st Jul
- Reply to
- Flag
RE: Spamvertised DHL notifications lead to malware

Well done! Thank you very much for professional templates and community edition
sesli chat sesli sohbet
talih
12th Aug
- Reply to
- Flag