Sophos: Spammed DHL Notifications Deliver Malware

Sophos' Graham Cluley reports that Windows users are at risk from spam e-mails with the subject line "Express Shipment notification."

The messages, which have been sent out in large numbers, include an attached ZIP file that contains malware -- the email asks the recipient to "refer to attached report for full details."

"The filename of the ZIP file can vary, but takes the form 'DHL reportXXXXXX.zip' (where the 'X's are a random code)," Cluley writes. Sophos identifies the malware in the attachment as Troj/BredoZp-S.

"Of course, the emails don't really come from DHL -- and the fact that you may have received an email which has DHL in its 'From:' field does not mean that any computer systems at DHL have been compromised, but just that the attackers have forged the email headers," Cluley notes.

More recently, Cluley reported that a similar spam campaign uses a different attachment, disguised as a label to be delivered to the post office, to drop Troj/Bredo-AGB.

"Of course, this isn't really DHL or FedEx's fault," Cluley writes. "Their company name is being abused by the criminals and their brand image tarnished through association with such attacks."