Disguising email as notifications of package deliveries is not a new trick, but cybercriminals keep using it.
And the reason they keep using this social engineering trick to infect users’ computers? Well, the answer is simple. It works.
Windows malware is being spammed out right now posing as tracking notifications from DHL.
It may appear to be a legitimate-looking email from DHL, but you should be wary about the attached file.
The latest incarnation of the attack uses emails similar to the following (the tracking notification number can vary):
Subject: DHL Tracking Notification ID: [random number]
From: "DHL International" <notice@dhl.be>
The most convincing thing about this email? No spelling mistakes.
Attached to the emails is a ZIP file which contains malicious code.
Again, the filename of the email’s attachment will vary from message to message but does take the following form:
DHL-Express-Delivery-Notification-Details_03-2012_[random id].zip
Sophos security products detect the malware as Mal/BredoZp-B and Mal/Zbot-FV, capable of allowing remote hackers to steal your information and take control of your Windows PC.
Computer users who use DHL to send and receive parcels may see nothing wrong in opening what looks like a legitimate email and may click on the attached ZIP file without a second thought.
By using big names, the fraudsters are attempting to trick more unsuspecting victims, and by changing the filename on each message, they’re able to avoid less sophisticated spam filters. All computer users need to watch out and be careful about any unsolicited file attachment they receive, no matter who it claims to come from.
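The following is an added example, not code from the article or from Sophos: a mail-triage check that matches the form of the subject and attachment name quoted above rather than any one exact filename, which is why per-message renaming does not defeat it. The function names, the assumption that the random id is alphanumeric, and the sample messages are constructed for illustration.

```python
import re
from email.message import EmailMessage

# Patterns derived from the subject and attachment forms quoted in the article.
# Assumption: the random id is alphanumeric and the date part is MM-YYYY.
SUBJECT_RE = re.compile(r"^DHL Tracking Notification ID:\s*\S+", re.I)
ATTACH_RE = re.compile(
    r"^DHL-Express-Delivery-Notification-Details_\d{2}-\d{4}_[A-Za-z0-9]+\.zip$",
    re.I)


def suspicious_attachments(msg):
    """Return filenames of attachments matching the campaign's naming form."""
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if ATTACH_RE.match(name):
            hits.append(name)
    return hits


def classify(msg):
    """List which indicators fired: the subject form, the attachment form."""
    reasons = []
    if SUBJECT_RE.match(msg.get("Subject", "")):
        reasons.append("subject")
    if suspicious_attachments(msg):
        reasons.append("attachment")
    return reasons


def build_sample(subject, filename):
    """Constructed sample message; the attachment is a harmless placeholder."""
    msg = EmailMessage()
    msg["From"] = '"DHL International" <notice@dhl.be>'
    msg["Subject"] = subject
    msg.set_content("Constructed sample body.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="zip", filename=filename)
    return msg


if __name__ == "__main__":
    a = build_sample("DHL Tracking Notification ID: 48213",
                     "DHL-Express-Delivery-Notification-Details_03-2012_Ab12Cd.zip")
    b = build_sample("Your invoice", "invoice.zip")
    print(classify(a), classify(b))
```

A name match like this is only a triage signal for quarantine or review; the attachment contents still need scanning by an anti-malware engine.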
I have received emails claiming to be from DHL and FedEx. The best thing I can tell anyone is: don't open the email; go directly to the DHL or FedEx website if you want to track a package. Also, their website tells you about known scams to get into your computer.
One of my friends was infected with this.
I got one from UPS CampusShip.
We can only confirm this. This kind of attack is anything but new, but we've been seeing a sharp increase since about 10 p.m. CET last night. Since then we have seen a fourfold increase in the total amount of malware-carrying spam, mostly from Asia (Taiwan, Singapore, Vietnam).
FedEx, DHL and the Post Office (USPS): I've had all three… My Spam folder was full and Yahoo sent them there automatically…
I'm on an Apple with Windows….
Yes I got one from one of the jerks of the Nigerian Scam saying he's an FBI officer and that I have to claim a prize or some sort of Lottery shit! and requesting personal info and providing me tracking number for packages, what a dick!!
I thought the Bredo botnet was taken down. Same group or what?
In addition to DHL and FedEx, I also see spam coming from the USPS (United States Postal Service). More recently, there's been mail supposedly coming from YouTube telling me my video has been moved to the top of the list (yeah right).
Do the previous commenters have some sender addresses they can share?
Yes, I've received them, but deleted them immediately.
I've had scam spam from all of the above. If I've ordered nothing either online or by mail, I ignore the scam mail. If I am expecting a package delivery, I go straight to the shipping company's tracking web site, not via the scam link. I don't believe in pennies from heaven, fairy godmothers or strangers from faraway places wanting to make me rich beyond dreams of avarice.
FedEx spams can be sent to: abuse@fedex.com
I had THREE DHL emails arrive in my Junk Mail today, July 21, 2013, so it ain't over yet and the "Fat Lady" hasn't sung, so to speak!
LindaSView