DHL delivery report email scam delivers malware 'packages'
March 20, 2013
As I predicted on March 17, this week is off to a running start for email-borne malware scams. Today, we are seeing an ongoing spam blast with the subject "DHL delivery report", which carries a malware attachment.
Here are some identifying words and phrases you should be looking out for when (not if) you receive this email message.
Subject: DHL delivery report (or similar)
From: "(A spoofed personal name) - DHL regional manager" <[email protected]>
Body Text: (dozens of lines of HTML precede readable text)
DHL notification
Our company's courier couldn't make the delivery of parcel.
REASON: Postal code contains an error.
LOCATION OF YOUR PARCEL: New York
DELIVERY STATUS: sort order
SERVICE: One-day Shipping
NUMBER OF YOUR PARCEL: ETBAKPRSU3
FEATURES: No
Label is enclosed to the letter.
Print a label and show it at your post office.
An additional information: If the parcel isn't received within 15 working days our company will have the right to claim compensation from you for it's keeping in the amount of $8.26 for each day of keeping of it.
You can find the information about the procedure and conditions of parcels keeping in the nearest office.
Thank you for using our services.
DHL Global
The attachment is not a printable label, as claimed, but is the Bredolab botnet downloader/installer.
Do you notice the inconsistency in the name of the company being spoofed and the place you are told to take the printed label? The label is supposed to be taken to "your post office," but the message claims to come from DHL, a private courier service, totally unaffiliated with the US, or Canadian, or Australian, or British Postal Services. You should not allow these errors to get past your bullshit detectors. Neither DHL, nor FedEx, nor UPS would ask you to take a printed form to your "post office!" They are in competition with your Postal Service!
Note the part that tries to panic recipients into acting quickly: "If the parcel isn't received within 15 working days our company will have the right to claim compensation from you for it's keeping in the amount of $8.26 for each day of keeping of it." This is meant to goad the recipient into acting on the message (printing the 'label') without thinking it through or paying closer attention to the grammatical errors.
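As an added example that is not part of the original post, here is a Python heuristic that checks a parsed message for the indicators listed above: the personal name posing as a "DHL regional manager", a private courier sending you to the post office, the storage-fee deadline, and a promised "label" that is really an executable or archive. The sample message, its sender address and its attachment bytes are constructed, not taken from the real spam.

```python
from email.message import EmailMessage

COURIERS = ("dhl", "fedex", "ups")
URGENCY_PHRASES = ("within 15 working days", "claim compensation", "each day of keeping")
LABEL_PHRASES = ("label is enclosed", "print a label")
RISKY_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".zip")

def courier_lure_indicators(msg: EmailMessage) -> list[str]:
    """Return the scam indicators found in a parsed message (empty list = none seen)."""
    hits = []
    subject = str(msg.get("Subject", "")).lower()
    sender = str(msg.get("From", "")).lower()
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content().lower() if body_part is not None else ""
    courier = next((c for c in COURIERS if c in subject or c in sender), None)
    if courier is None:
        return hits  # not a courier-themed message; nothing to score
    # A personal display name posing as a "DHL regional manager"
    if "regional manager" in sender:
        hits.append("spoofed courier display name")
    # A private courier has no business sending you to the post office
    if "post office" in body:
        hits.append(f"{courier} message refers to the post office")
    # Daily storage fee plus a deadline: pressure to act without thinking
    if sum(p in body for p in URGENCY_PHRASES) >= 2:
        hits.append("storage-fee deadline pressure")
    # The promised printable label is really an executable or archive
    if any(p in body for p in LABEL_PHRASES):
        for part in msg.iter_attachments():
            name = (part.get_filename() or "").lower()
            if name.endswith(RISKY_EXTENSIONS):
                hits.append(f"claimed label is an executable/archive: {name}")
    return hits

def build_sample(with_attachment: bool) -> EmailMessage:
    """Constructed sample resembling the lure; address and attachment bytes are fake."""
    msg = EmailMessage()
    msg["Subject"] = "DHL delivery report"
    msg["From"] = '"J. Doe - DHL regional manager" <sender@example.invalid>'
    msg.set_content(
        "Our company's courier couldn't make the delivery of parcel.\n"
        "Label is enclosed. Print a label and show it at your post office.\n"
        "If the parcel isn't received within 15 working days our company will\n"
        "have the right to claim compensation from you in the amount of $8.26\n"
        "for each day of keeping of it.\n"
    )
    if with_attachment:  # a few fake bytes standing in for the downloader
        msg.add_attachment(b"MZ\x90\x00", maintype="application",
                           subtype="octet-stream", filename="DHL_label.exe")
    return msg
```

The same function can be run over messages parsed from disk with email.message_from_bytes(data, policy=email.policy.default), since that yields the same EmailMessage type.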
If you fell for this scam, assume that your computer is infected with a botnet controller and possibly information-stealing Trojans. If you have anti-virus and/or anti-spyware programs installed, assume that they failed you, until proven otherwise. While I often recommend this or that security program, something else came to my mind for this case. Why scan with one company's security scanner when you can have multiple scans performed under one blanket app?
I am referring to a commercial security program I am affiliated with, named Hitman Pro. It is a specialized 'second opinion' malware detection tool, often employed in malware removal forums. Hitman scans for threats for free. It detects and removes the ZeroAccess Rootkit when others don't. This rootkit is often deployed by botnet installers to protect their ill-gotten access to your computers.
Scanning with Hitman Pro is always free. Removal requires a 30-day, fully functional free trial, or a purchased license. Start a free 30-day trial to remove any detected malware, or buy a 1 year, 1 PC subscription for $19.95.
I would take the 30-day free trial and see if Hitman finds and removes malware that you have picked up over the Interwebs. If you are happy with the results, license it for a year. If not, be happy it helped you out one time for free.