Spamvertised 'DHL Tracking Notification' emails serve malware

Security researchers from Sophos have intercepted a currently circulating malware campaign that uses 'DHL Tracking Notification' themed emails to serve malware.

The emails carry a ZIP attachment, named DHL-Express-Delivery-Notification-Details_03-2012_[random string].zip, which contains the actual malicious code. The malware is currently detected as Mal/BredoZp-B and Mal/Zbot-FV.
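The delivery mechanism described above, a ZIP attachment with a recognisable name wrapping an executable, is straightforward to check for at a mail gateway. The following Python is an added example written for this page, not code from the article or from Sophos. It parses a message, flags attachments whose name matches the quoted pattern (the month-year and random-string parts are generalised to \d{2}-\d{4} and [\w-]+, which is an assumption), and opens any ZIP attachment to look for executable members, by extension or by a DOS 'MZ' header so a renamed binary is still caught. The sample email, its archive and the member names are constructed here for the demonstration; the random suffix 'x7fq2' in the lure filename is made up.

```python
import base64
import io
import re
import zipfile
from email import policy
from email.parser import BytesParser

# Attachment name pattern from the article; the month-year and trailing random
# string are generalised to \d{2}-\d{4} and [\w-]+ (an assumption for this example).
LURE_NAME_RE = re.compile(
    r"^DHL-Express-Delivery-Notification-Details_\d{2}-\d{4}_[\w-]+\.zip$",
    re.IGNORECASE,
)
# Extensions Windows will run on double-click; the list is chosen for this example.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
ZIP_TYPES = {"application/zip", "application/x-zip-compressed"}


def suspicious_zip_members(zip_bytes):
    """Names of archive members that look executable, either by extension or by
    a DOS 'MZ' header (catches a PE renamed to, say, .pdf). A corrupt archive is
    reported as a finding rather than silently ignored."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                if info.filename.lower().endswith(EXECUTABLE_SUFFIXES):
                    hits.append(info.filename)
                    continue
                with zf.open(info) as fh:  # read only the two header bytes
                    if fh.read(2) == b"MZ":
                        hits.append(info.filename)
    except zipfile.BadZipFile:
        hits.append("<not a valid zip>")
    return hits


def classify_message(raw_email):
    """Parse an RFC 5322 message and return (reason, detail) findings for
    attachments that match the lure name or carry executables inside a ZIP."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_email)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if LURE_NAME_RE.match(name):
            findings.append(("lure_filename", name))
        if name.lower().endswith(".zip") or part.get_content_type() in ZIP_TYPES:
            payload = part.get_payload(decode=True) or b""
            for member in suspicious_zip_members(payload):
                findings.append(("executable_in_zip", f"{name}:{member}"))
    return findings


# --- constructed sample data (not a real capture) ---------------------------
SAMPLE_LURE_NAME = "DHL-Express-Delivery-Notification-Details_03-2012_x7fq2.zip"


def build_zip(members):
    """Pack {name: bytes} into an in-memory ZIP; helper for the sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample_email():
    """A multipart message whose ZIP attachment holds a fake 'MZ' stub (not a
    working program) next to a harmless text file."""
    zip_b64 = base64.b64encode(build_zip({
        "DHL-Express-Delivery-Notification-Details.exe": b"MZ" + b"\x00" * 62,
        "readme.txt": b"tracking number enclosed",
    })).decode("ascii")
    raw = (
        "From: DHL Express <noreply@example.com>\r\n"
        "To: victim@example.com\r\n"
        "Subject: DHL Tracking Notification\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n'
        "\r\n"
        "--b1\r\n"
        "Content-Type: text/plain\r\n"
        "\r\n"
        "Your parcel could not be delivered. Details are attached.\r\n"
        "--b1\r\n"
        "Content-Type: application/zip\r\n"
        "Content-Transfer-Encoding: base64\r\n"
        f'Content-Disposition: attachment; filename="{SAMPLE_LURE_NAME}"\r\n'
        "\r\n"
        f"{zip_b64}\r\n"
        "--b1--\r\n"
    )
    return raw.encode("ascii")


if __name__ == "__main__":
    for reason, detail in classify_message(build_sample_email()):
        print(reason, detail)
```

Running the file prints one line per finding. The filename check alone will miss the next campaign as soon as the lure name changes, so the archive inspection is the durable part; a gateway would normally quarantine on either finding and keep the filename match only as a cheap early signal.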

This isn't the first time cybercriminals have impersonated DHL. Past campaigns have also impersonated UPS and FedEx, each time in an attempt to trick end users and corporate users into downloading and executing a malicious attachment.

End users and corporate users are advised not to open the attachment or otherwise interact with these emails, and to report them as spam or fraudulent immediately.

Topics: Malware, Collaboration, Security

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.


Talkback

6 comments
  • Just to confirm

    You didn't make it clear in your blog so I'm going based on what I've read in other sites:
    1. You get an email with a zip file attached.
    2. You have to open the zip file and in there is an executable file.
    3. You then have to run the executable file.
    4. Finally, you have to elevate the permissions on the executable file.

    Is that about right or did I miss something?

    What I don't understand is why malware authors require users to go through so many steps in order to get infected with this stuff? Since we are constantly told that Windows has swiss cheese security, why don't these malware authors simply use one of the millions of easy ways out there to automatically gain admin rights on these Windows machines?

    Or is it possible we've all been lied to regarding how easy it is to infect a Windows machine?
    toddbottom3
    • You left out the most important bit...

      Your list should be:
      1. This applies to MS Windows users only!
      2. You get an email with a zip file attached.
      3. You have to open the zip file and in there is an executable file.
      4. You then have to run the executable file.
      5. Finally, you have to elevate the permissions on the executable file.
      Johan Safari
      • Of course it does

        Just like the new OSX/Imuler malware applies to OS X users only and Windows users are completely safe from it. So?
        toddbottom3
  • ease

    Maybe they didn't want to do the extra work required. This would be the easiest and quickest way to deliver and implement malware. And, tons of users (if they have local admin rights on their PC) will click that three times on a file emailed to them, even though they don't know what it is or could be for (without even thinking about it first). So, why figure out how, or take the extra time to code, to get into PCs automatically?
    monsruzo
  • Nothing really new

    It's not really anything new, especially when you aren't expecting a delivery.

    Same as you aren't expecting a package at Heathrow, and should not send your passport as identification, and all the other bank or other scams.

    A non new story, unless you are a serial idiot.
    neil.postlethwaite
  • well.....

    I kid (sort of) when I say the only truly human repeatable action is screwing up. There's always a percentage of your workforce that will fall for it.
    rjm56