Sophos Cloud Optix
Is there anybody who regularly reads Naked Security who isn’t familiar with malware attacks posing as email notifications regarding failed parcel deliveries?
Once again, we are seeing a widespread malware campaign spammed out – this time pretending to be regarding an aborted attempt to send a parcel via DHL to the recipient’s address.
But on other occasions we’ve seen very similar threats pretending to be from UPS or Fedex and others.
Here’s what a typical email in today’s attack looks like, complete with a DHL corporate logo in the header and the subject line “DHL Package delivery status”:
Dear [name derived from email address], with this message we notify you that delivery at your destination, tracking ID #[number], has FAILED due to an address discrepancy. To obtain your delivery please print out the attached document and contact DHL US support
Feel free to contact us with further questions.
Attached to the email is a file, DHL report.zip, which contains malware designed to infect Windows computers.
Sophos products detect the attack as Mal/BredoZp-B and Troj/Zbot-BWI.
Of course, the emails are not really from DHL. As always, you should be very very suspicious of unsolicited email attachments and make sure that your anti-virus software is properly updated.
There is also one going around pretending to be from amazon. They tell you the thing you ordered has been canceled. If I remember right then they try to get you to click on it to view it. So far as far as I know it is only sent to someone with an amazon account. I haven't gotten one on my main email. Just the one I use for amazon. My mom got an email saying it as well. Well she clicked on a thing to try to check it out and it tried to install a trojan on her computer. It is just a good thing her avast caught it. I on the other hand knew it was fake right away. Though I did open up amazon in a new tab just to go check to be sure my account hadn't been hacked. Which it hasn't been. No trace of this so called order.
I had the same problem, luckily my mum asked me to give her the scoop on it first! I did send a email off to amazon about it though!
I got caught a while ago with this one ….nasty….and I was expecting a package!!!
I haven't received the failed package delivery email but, I have been receiving order canceled emails from "Amazon." Of course, I had not ordered what the emails claim I canceled so I knew these were bogus. But they do look official to the unsuspecting person.
I've received quite a few of these "Failed Package" notifications. I live in Australia and nobody I know uses DHL, so I just delete them . But I guess people in the U.S could be easily caught.
Seriously?
Move your mouse over the links in your “cancelled order” see if it is something not <a href="http://www.dhl.com” target=”_blank”>www.dhl.com or <a href="http://www.amazon.com” target=”_blank”>www.amazon.com and bang – you have spotted a spam/scam.
Also a good indicator is indeed the fact that if you have not ordered anything, you have not canceled anything…
I've been receiving both Amazon and DHL malicious emails in the past 10 days with
different order numbers and tracking numbers every time.
I forwarded some of the Amazon to Sophos casre of the editor, she told me it was for
some male enhancement link it takes you to.
This is the first I have heard of the Amazon emails being malicious. I was sure that
the DHL are. I don't even open these emails and haven't for years. DO NOT OPEN
EMAILS FROM UNKNOWN SENDERS! Repeat after me….
Wake up people there is a damn good reason they end up in your spam or bulk email
folder depending what service you use! The emails are from known spam sites, or malicious websites using forged headers in the emails.
Looks like the DHL spam emails are doing the rounds again – I’ve had 2 in the past 3 days (in German as I have a German email address!!)