Sophos Cloud Optix
We have been watching a large scale malicious spam campaign posing (once again) as an email from courier firm DHL.
Just like last time the messages claim that DHL tried to deliver a parcel from you on the 14th of March, and that you need to print out the attached invoice (contained inside dhl_n756512.zip) and bring it to their office.
Of course, opening dhl_n756512.zip is not to be recommended. It contains the Troj/Agent-JJP Trojan horse and will put the security of your computer into remote hackers.
The emails that are currently arriving in our spam traps, battering down like hailstones on a tin roof, all use the subject line “DHL Tracking number” but have a randomly generated reference number.
Of course, the hackers are bound to use this trick again. And it’s trivial for them to change the filename – so it’s not as simple as simply avoiding files called dhl_n756512.zip. You actually have to be careful about *any* unsolicited file attachment you are sent.