Danger lies in bogus emails claiming to be from DHL and Facebook


Malicious hackers are posing as DHL and social networking site Facebook in their latest attempts to infect computers with malware. Today we are seeing widespread spam campaigns being cannoned around the world, posing as messages from the companies.

However, files attached to the emails carry Trojan horses that can allow cybercriminals to commandeer your computer for their own purposes.

Dangerous DHL Services email, carrying malware

A typical email reads as follows:

Hello!

The courier company was not able to deliver your parcel by your address.
Cause: Error in shipping address.

You may pickup the parcel at our post office personaly.

Please attention!
The shipping label is attached to this e-mail.
Print this label to get this package at our post office.

Please do not reply to this e-mail, it is an unmonitored mailbox!

Thank you,
DHL Services.

You would have hoped that a genuine message from DHL would have at least seen a sniff of a spell-checker, wouldn't you?

Nevertheless, if the above is enough to fool you, then you might be tempted to open the attached file - DHL_Label_73719.zip. That wouldn't be a good idea though as it contains a Trojan horse, detected by Sophos as Troj/BredoZp-S.

And the bad guys aren't only relying upon the disguise of a DHL delivery to infect your Windows computer. They are also exploiting the huge popularity of Facebook (350 million users and counting), by sending out messages claiming that the recipient's Facebook password has been changed for security reasons.

Fake Facebook password reset email

The email reads as follows:

Hey <name> ,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
Your Facebook.

Attached to the email is a file called Facebook_Password_48f29.zip, which is detected by Sophos as Troj/BredoZp-P.

Both Trojan horses contain the ability to access the internet and communicate with a remote server via HTTP, opening a backdoor for hackers to gain control over your computer. Effectively, if your computer is infected it is now part of a botnet - meaning that hackers can use it for a number of nefarious purposes including stealing identity information, relaying spam or launching distributed denial-of-service attacks.

You should always be extremely suspicious of any unsolicited email which arrives out of the blue, encouraging you to open an attachment.
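For mail administrators, the same suspicion can be applied at the gateway. The following is an added example, not code from the article or from Sophos: it flags ZIP attachments whose names follow the shape of the two files named above. The filename patterns, the list of risky extensions, and the sample message are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Name shapes generalised from the two attachments named in the article
# (assumption: only the trailing ID changes between messages).
LURE_NAMES = [re.compile(r"^DHL_Label_\d+\.zip$", re.I),
              re.compile(r"^Facebook_Password_[0-9a-f]+\.zip$", re.I)]
# Assumption: the archive carries a Windows executable or script.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")

def inspect_message(raw: bytes) -> list:
    """Return one finding per ZIP attachment in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        try:
            data = part.get_payload(decode=True) or b""
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                risky = [m for m in zf.namelist()
                         if m.lower().endswith(RISKY_EXT)]
        except zipfile.BadZipFile:
            risky = None  # unreadable archive: hand to an analyst
        findings.append({"filename": name,
                         "lure_name": any(p.match(name) for p in LURE_NAMES),
                         "risky_members": risky})
    return findings

def build_sample() -> bytes:
    """Constructed test message; the archive holds placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("DHL_Label_73719.exe", b"placeholder, not a program")
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["Subject"] = "Constructed sample"
    msg.set_content("The shipping label is attached to this e-mail.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="DHL_Label_73719.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(inspect_message(build_sample()))
```

A finding with `lure_name` set and a non-empty `risky_members` list is a strong candidate for quarantine; a name match alone is only a hint, since attackers change filenames between campaigns.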


About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.