New Malicious Threat Disguised as Fake DHL Shipment E-mail

Recently, security researchers at AppRiver (security firm) have warned of a fake malware infected DHL delivery status e-mails that are targeting innocent internet users.

The "From" column of the e-mails is spoofed as if it had come from "DHL Servicios" and the complete content of the message is written in Spanish. These emails are quite different from all other DHL spoofs as they exploit a real DHL email template, which comprise the company's logo, color schemes, images, and contact information.

These fake e-mails states that a package could not be delivered on time due to unclear or badly written shipping address. The e-mail further informs recipients that the parcel can be collected from the local post office. To collect the parcel, the e-mail asks the users to carry along a print of the shipping label enclosed in the attachment.

The shipping label attachment is named Etiqueta_ID#####.zip (# being a random digit) and encloses a folder with a malicious .exe file. The file contains a fake Excel document icon, which installs an Oficla variant. The Oficla family of malware is called droppers. As the name suggests, their main aim is to penetrate into systems and drop malware that can further damage the system.

Commenting on the issue, Fred Touchette, Security Researcher at AppRiver stated on his blog post that, he was not sure that who would like to get into all of these troubles by clicking on several links and attachments, but one thing he was sure of is that, this trick works. He further said that, he could only presume that those files were foldered and zipped to avoid detection by anti-virus software, which doesn't check that thoroughly, as reported by AppRiver on October 25, 2010.

Finally, users can apply their common sense approach and keep in mind the following suggestions to avoid falling prey to such malware attacks. First and foremost, if the user doesn't speak Spanish, he should immediately delete from their inbox. In case, if the user speaks the language, but not expecting some DHL shipment, then also he should immediately delete the e-mail.

But in case, if the user is expecting a shipment from DHL and speaks Spanish, then he should think for a while regarding the poorly written message and understand that a reputable company would not sent such a badly written thing or file attachment like this (via e-mail).

Related article: New Zealand Releases Code To Reduce Spam

» SPAMfighter News - 11/4/2010