Sophos Cloud Optix
Have you received an email with the subject line “Express Shipment Notification”?
If so, be on your guard – you could be at risk of infecting your Windows computers.
Online criminals have spammed out a large number of messages, claiming to come from DHL Express International, that are designed to install malware onto the computers of unsuspecting PC users.
Here is what a typical example of an email spammed out in the attack looks like:
DHL Express
Tracking Notification: 449762627Custom Reference: 594078O440
Tracking Number: XFLNH94244
Pickup Date: Mon, 18 Mar 2013 12:39:03 +0100
Service: AIR
Pieces: 1Mon, 18 Mar 2013 12:39:03 +0100 - Processing complete successfully
Refer to attached report for full details.
Attached to the emails is a ZIP file, containing malware. The filename of the ZIP file can vary, but takes the form “DHL reportXXXXXX.zip” (where the ‘X’s are a random code).
Sophos products detect the malicious attachment as the Troj/BredoZp-S Trojan horse.
Of course, the emails don’t really come from DHL – and the fact that you may have received an email which has DHL in its “From:” field does not mean that any computer systems at DHL have been compromised, but just that the attackers have forged the email headers.
Time and time again we have seen cybercriminals using the disguise of shipping companies like DHL and FedEx to spread their malware attacks and hijack the computers of the unwary.
Your best protection is to not just run an up-to-date anti-virus, but also to live and breathe computer security in your every day life.
How do you do that? Well, you can start by learning to never open attachments in unsolicited emails – however tempted you might be.
I see this type of thing every day while reviewing spam for my clients, and it's been going on for a long time. DHL, FedEx, Intuit Payroll, ADP, BBB, AT&T, Verizon Wireless, Amazon, etc … too many to remember. Some use to contain links to infected sites or phishing login screens, but most have attachments that are malware.
I think that’s it’s virtually a lost cause to try to protect people from themselves. Truly, there’s one born every minute.
I give computer classes; the most poorly attended class I give is one computer and Internet security. Apparently, most users think what you don’t know can’t hurt you.
This could be confusing to some and have them accidentally open it…..I get my prescriptions from "Express Scripts"…..
i think people must adopt the 'THINK BEFORE YOU CLICK' policy
Annoyingly I am expecting a tax refund too. But, luckily, I know HMRC will send me a letter in the post, not some badly spelled email.
Has anyone actually put the tracking number into the relevant courier's website? I can't imagine a spammer would be stupid enough to use one of their own tracking ref.s but you never know.
Yes I have, and no it wasn't valid.