
Fake DHL Emails Distribute New Trojan


Post by TrueBlueTerrier »

http://news.softpedia.com/news/Fake-DHL ... 6649.shtml

Security researchers from antivirus vendor Avira warn that a new spam campaign masquerades as notifications from DHL. The fake emails have a new computer trojan variant hidden in their attachments.


The messages have their "From" field spoofed to appear as originating from a DHL email address. The subject is "DHL Tracking Number ########" (where # stands for a random letter or digit) and, unlike most spam, the content of these emails is relatively well spelled.

"Hello! The courier company was not able to deliver your parcel by your address. You may pickup the parcel at our post office personaly. The shipping label is attached to this email. Please print this label to get this package at our post office. Thank you for your attention," the emails, signed by DHL Delivery Services, read.


The attached archives are called DHL_INVOICE23.zip and contain a trojan installer. "The file in the ZIP archive uses a double file extension in the form of DHL_INVOICE_23.xls______________<plenty of underscores>______.exe," the Avira researchers explain. This naming scheme, as well as the file's Excel document icon, has the purpose of deceiving users into believing that they are actually opening a document.

The series of underscores pushes the .exe extension out of view when the archive file is opened in an unpacking program. At the same time, the .exe part will not be visible in Windows Explorer either, since file extensions are hidden by default. "The malware is a variant of the Trojan family Oficla," Thomas Wegele, virus researcher at Avira, writes.

The failed DHL delivery notification seems to be a recurring theme with malware-pushing spam. More than one year ago, an almost identical campaign was used to spread a variant of the infamous Zbot banking trojan.

Unfortunately these scams still work and can have serious consequences. At the end of June we reported a case where fraudsters managed to steal $465,000 from the bank account of a Californian escrow firm, after its owner opened the attachment of a fake failed delivery email.
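A mail-gateway style check for the naming trick described in the article, as an added example that is not part of the original post or of Avira's analysis: it flags ZIP members whose name ends in a document extension, optional padding, and then an executable extension. The extension lists, the padding character set and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Assumed extension lists (not from the article): decoy document types and
# types Windows runs directly.
DECOY_EXTS = {"xls", "xlsx", "doc", "docx", "pdf", "txt", "jpg", "png"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "lnk"}
# .<decoy ext> <optional padding> .<real ext> at the end of the name
PADDED = re.compile(r"\.([A-Za-z0-9]{2,5})([_\s.\-]*)\.([A-Za-z0-9]{2,4})$")


def classify_name(name):
    """Return (reason, padding_length) for a suspicious member name, else None."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]  # drop any directory part
    m = PADDED.search(base)
    if not m:
        return None
    decoy, padding, real = m.group(1).lower(), m.group(2), m.group(3).lower()
    if real not in EXEC_EXTS or decoy not in DECOY_EXTS:
        return None
    return ("padded-double-extension" if padding else "double-extension", len(padding))


def scan_zip(data):
    """Return {member name: (reason, padding_length)} for flagged ZIP members."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # names only; nothing is extracted
            hit = classify_name(info.filename)
            if hit:
                findings[info.filename] = hit
    return findings


def build_sample():
    """Constructed sample archive; every member holds placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("DHL_INVOICE_23.xls" + "_" * 60 + ".exe", b"placeholder")
        zf.writestr("label.pdf", b"placeholder")
        zf.writestr("notes.tar.gz", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, (reason, pad) in scan_zip(build_sample()).items():
        print(f"{reason} (padding={pad}): {name[:24]}...{name[-4:]}")
```

The check reads only the archive's central directory, so it can run on attachments without unpacking them.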