Why should malware authors show any creative flair and imagination? There’s no need, after all, if tried and trusted methods of infecting computers still work.
Take, for instance, the widespread malware campaign that has been spammed out across the internet today, posing as an email from DHL.
A typical email has a subject line of “DHL Express Parcel Tracking notification [random code]” or “DHL Express Tracking Notification ID [random code]” or “DHL International Notification for shipment [random code]”
The emails read similar to the following:
Hello Dear,
DHL Express Tracking Notification: Mon, 11 Jun 2012 12:14:55 +0200
Custom Reference: 9057425-HRIEI2E4Q8C
Tracking Number: UT09-2041042911
Pickup Date: Mon, 11 Jun 2012 12:14:55 +0200
Service: AIR/GROUND
Pieces: 2Mon, 11 Jun 2012 12:14:55 +0200 – Processing complete successfully
PLEASE REFER TO ATTACHED FILE FOR DETAILED INFORMATION.Shipment status may also be obtained from our Internet site in USA under http://track.dhl-usa.com or Globally under http://www.dhl.com/track
Please do not reply to this email. This is an automated application used only for sending proactive notifications
Thanks in advance,
DHL Express International Inc.
Attached to each email is a ZIP file, containing the malware. The attached filename can vary, but takes the form DHL_International_Delivery_Details-[random code].zip
Sophos products detect the Windows malware as Troj/Agent-WMO.
Malicious emails that claim to come from courier companies are nothing new.
In fact, they are one of the most commonly used social engineering disguises deployed by cybercriminals to trick unsuspecting users into opening a malicious attachment or clicking on a dangerous link.
Make sure that you and your friends are wise to the trick – and think before you click.
Forklift truck image courtesy of Shutterstock.