Malware-Spreading DHL Tracking Notifications Making the Rounds

It's clear that these campaigns enjoy great success

By on March 21st, 2012 13:05 GMT

Back in October 2011 security experts warned users that fake DHL Tracking Notifications were landing in inboxes, trying to spread a malicious Trojan. Now, Sophos warns that the same emails are still being sent by cybercriminals.

Apparently originating from the notice@dhl.be email address, the email urges users to download an attachment which allegedly contains detailed information regarding a DHL Express Shipment.

In reality, the attachment holds a nasty piece of malware identified as Mal/BredoZp-B, which allows its masterminds to gain access to computers and the data they store.

So you may wonder why crooks keep sending these emails, even though many internauts are aware of these scams and security solutions providers have already made sure that their products keep these malevolent elements at bay.

One of the reasons, especially with these delivery-themed emails, is that many people make online orders, so the chances of success are high. Someone who is actually expecting a package will most likely rush to download the attachment without giving it much thought.

On the other hand, cybercrooks know that even though there are lots of awareness-raising campaigns on this topic, many users still think that the Internet is a warm and cozy place.

What's more, a lot of internauts fail to install an antivirus solution, and even if they do, they neglect to keep it up to date, which is just as bad as not having one at all.

The bottom line is that even if you are expecting the arrival of a parcel, you should treat delivery emails with at least some amount of suspicion. Check the name of the delivery company and for any other clues that may give away a scam’s true purpose.

Also, as a general rule of thumb, if the attachment is a zip archive, it most likely means that a Trojan or another type of malware is hiding in it to avoid being detected.
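The rule of thumb above can be turned into a mail-triage check. The following is an added example, not code from the article or from Sophos: it flags delivery-themed messages that carry a zip attachment and lists archive members with executable extensions. The keyword list, the extension list, the file names and the sample message are constructed assumptions; the article does not describe what the archive contains.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions treated as directly executable on Windows.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")
# Assumption: keywords that mark a message as delivery-themed.
DELIVERY_WORDS = ("dhl", "tracking", "shipment", "parcel", "delivery")

def triage(raw: bytes) -> dict:
    """Return findings for one RFC 5322 message given as raw bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    header_text = f"{msg['From']} {msg['Subject']}".lower()
    findings = {"delivery_themed": any(w in header_text for w in DELIVERY_WORDS),
                "zip_attachments": [], "risky_members": [], "unreadable_zip": False}
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Check the zip magic bytes too: the file name alone can be misleading.
        if not (name.endswith(".zip") or data[:4] == b"PK\x03\x04"):
            continue
        findings["zip_attachments"].append(name)
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                findings["risky_members"] += [
                    m for m in zf.namelist() if m.lower().endswith(RISKY_EXT)]
        except zipfile.BadZipFile:
            # A corrupt archive cannot be inspected; record that for the analyst.
            findings["unreadable_zip"] = True
    # The From header is not checked for authenticity: it can be spoofed.
    findings["quarantine"] = (findings["delivery_themed"]
                              and bool(findings["zip_attachments"]))
    return findings

def build_sample() -> bytes:
    """Constructed sample: harmless text bytes under an .exe name inside a zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("DHL_tracking_label.exe", b"not a real program")
    msg = EmailMessage()
    msg["From"] = "DHL Express <notice@dhl.be>"
    msg["Subject"] = "DHL Tracking Notification"
    msg.set_content("Please see the attached shipment details.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="DHL_document.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```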
