Spam Campaign Distributing Malware Masquerades as DHL Express

According to SophosLabs, one malware scam is spreading far-and-wide as it spams out e-mails pretending to be from DHL Express the global service for mail delivery.

Captioned as "Processing complete successfully," the spam mails assert to be certain notification to track DHL Express. These e-mails state that users can obtain the shipment status by visiting the DHL website within the U.S. under http://track.dhl-usa.com alternatively internationally via http://www.dhl.com/track.

The bogus e-mail also tries to sound genuine so it states that recipients needn't answer it as it's automated and dispatched solely in the case of issuing proactive notifications.

Eventually, a word of thanks appears in the e-mail on behalf of DHL Express International Inc.

But, DHL hasn't really sent the message to which is attached a file labeled as DHL_Express_Processing_complete.pdf.zip. This file carries malicious software, which Sophos identifies to be Troj/BredoZp-S.

Thus, if anyone views the attachment, it can result in the Trojan's installation which likely will communicate with malware-ridden websites for taking down more malware. Usually such malware garners data from the contaminated PC as also transmits the same to remote cyber-crooks.

A tell-tale sign that the e-mail isn't a DHL message is the extremely weak grammar and spelling inside it. Besides, DHL will most probably not contact clients through unsolicited, general electronic mails that have information inside a file attachment. Previously too, DHL routinely became cyber-criminal's target for the purpose of spreading malware. These malware purveyors also repeatedly abused other popular mail dispatching firms such as FedEx and UPS.

Worryingly, it's because of the above kinds of malware-laced bulk e-mail outbreaks which prompted FireEye to sum up that terms related to express delivery such as "UPS," "DHL" or "delivery" got incorporated within approximately 25% of assaults. FireEye's conclusion appears within its just published report namely "Top Words Used in Spear phishing Attacks to Successfully Compromise Enterprise Networks and Steal Data."

Meanwhile, DHL became the target of online-criminals earlier too, recently. For, SophosLabs traced e-mails, during June 2012, that were captioned "DHL International Notification for shipment [random code]," "DHL Express Tracking Notification ID [random code]" or "DHL Express Parcel Tracking notification [random code]."

Related article: Spam Scam Bags a Scottish Connection

» SPAMfighter News - 10/24/2012