Sloppy spelling scuppers DHL malware spam attack

Thank heavens for the poor education of cybercriminals!

If they had paid more attention to spelling and grammar at school (rather than mugging younger kids for their dinner money and inflicting Chinese burns behind the bicycle sheds) then maybe some of their scams would be harder to spot.

Take this malware campaign that we are seeing being spammed out right now, for instance.

DHL malicious spam

Subject: DHL notification

Message body:
Dear customer.
The parcel was send your home address.
And it will arrice within 7 bussness day.

More information and the tracking number
are attached in document below.

Thank you.
2011 DHL International GmbH. All rights reserverd.

The email doesn’t really come from DHL, of course. This is just the latest in a long line of instances where cybercriminals have distributed malware attacks posing as communications from a delivery firm such as UPS or FedEx.

But take a closer look. There are 37 words in the body of that message, four of which are spelt incorrectly. That’s an almost 11% failure rate!

If the spelling mistakes and lack of professionalism weren’t enough to get your security sixth sense jangling, then hopefully your anti-virus would have identified that the attached file contains malware.

Sophos products detect the ZIP file proactively as Mal/BredoZp-B, and its Trojan horse contents as Troj/Agent-QQG.

I, for one, vote against improving the grammar and spelling of cybercriminals. We can’t rely on every malicious hacker being a poor communicator, but it certainly can help the general public identify when a message should be treated with suspicion.