Softpedia
 


October 25th, 2010, 14:59 GMT · By

Infected DHL Emails Target Spanish Speakers



Oficla distributors target Spanish speakers via fake DHL failed delivery emails
Malware distributors are targeting Spanish speakers through fake DHL failed delivery notification emails that carry a variant of the Oficla trojan.

The "From" field of the emails is spoofed to appear as if they originate from "DHL Servicios" and the entire message contained within is written in Spanish.

The fake emails differ from most DHL spoofs because they abuse a real DHL email template, which includes the company's logo, images, color scheme and contact information.

This email template abuse technique has been very common during the second half of this year, when it was used to mimic communications from popular services like Facebook, Twitter, LinkedIn, Gmail and many others.

Fake DHL email distributing Oficla trojan to Spanish speakers
The lure used in this new DHL-themed attack is the same as in English variants observed in the past. The emails claim that a package could not be delivered because of a bad shipping address.

Recipients are told that the parcel is available for pick-up at the local post office and are instructed to print the shipping label found inside the email attachment in order to retrieve it.

The attachment is called Etiqueta_ID#####.zip (where # is a random digit) and contains a folder with a malicious .exe file inside.

The file has a deceptive Excel document icon and installs an Oficla variant. Trojans from this family of malware are commonly used as distribution platforms for other malicious applications.

They are part of pay-per-install (PPI) schemes in which other criminals pay the trojan's authors to deploy their malware to as many computers as possible.

Oficla is commonly used to distribute scareware, rogue antivirus programs that bombard users with bogus security alerts in an attempt to trick them into paying for a license key.

"I'm not sure who would want to go through all of the clicking trouble required to be infected by this trojan, but I'm sure it works," Fred Touchette, researcher at email security vendor AppRiver, writes.

"I can only assume that these files are foldered and then zipped in an attempt to evade detection by anti-virus software that doesn't look that deep, though I think most do," he adds.

Users are advised to treat all email attachments with suspicion, even when they appear to originate from trusted or known sources. It's strongly recommended to scan such files on services like VirusTotal before opening.
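The attachment layout described above (a ZIP holding a folder with an .exe inside) can be caught at a mail gateway by walking every archive member regardless of folder depth. The following Python sketch is an added example, not code from the article or from AppRiver. The filename regex, extension list, limits and function names are assumptions, and it goes slightly beyond the article by also checking the "MZ" file header and nested ZIPs.

```python
import io
import re
import zipfile

# Assumption: the lure name from the article, "Etiqueta_ID" plus five digits.
LURE_NAME = re.compile(r"^Etiqueta_ID\d{5}\.zip$", re.IGNORECASE)
EXEC_EXTS = (".exe", ".scr", ".com", ".pif")  # assumed block list
MAX_DEPTH = 3                    # how many nested archives to open
MAX_NESTED_BYTES = 20 * 2**20    # skip oversized inner archives


def find_executables(data, depth=0, prefix=""):
    """Return paths of executables (and uninspectable encrypted members)."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            if info.flag_bits & 0x1:  # encrypted: cannot inspect, report it
                hits.append(path + " (encrypted)")
                continue
            with zf.open(info) as member:
                magic = member.read(2)
            # Match on extension or on the Windows executable header.
            if info.filename.lower().endswith(EXEC_EXTS) or magic == b"MZ":
                hits.append(path)
            elif (magic == b"PK" and depth < MAX_DEPTH
                  and info.file_size <= MAX_NESTED_BYTES):
                hits += find_executables(zf.read(info), depth + 1, path + "!")
    return hits


def check_attachment(filename, data):
    """Verdict for one attachment: lure-style name and executables inside."""
    found = find_executables(data)
    return {"lure_name": bool(LURE_NAME.match(filename)),
            "executables": found,
            "block": bool(found)}


def build_sample(members):
    """Constructed test archive; contents are harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()
```

The verdict blocks on any executable found inside the archive; the filename match is reported separately because the digits and wording of the lure change between campaigns.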


READER COMMENTS:


Comment #1 by: saint on 26 Oct 2010, 14:22 UTC

I have received one of those emails but I did not open it. I try to be very careful about opening emails. Thanks to God.
