Why should malware authors show any creative flair and imagination? There’s no need, after all, if tried and trusted methods of infecting computers still work.
Take, for instance, the widespread malware campaign that has been spammed out across the internet today, posing as an email from DHL.
A typical email has a subject line of “DHL Express Parcel Tracking notification [random code]” or “DHL Express Tracking Notification ID [random code]” or “DHL International Notification for shipment [random code]”
The emails read similar to the following:
DHL Express Tracking Notification: Mon, 11 Jun 2012 12:14:55 +0200
Custom Reference: 9057425-HRIEI2E4Q8C
Tracking Number: UT09-2041042911
Pickup Date: Mon, 11 Jun 2012 12:14:55 +0200
Mon, 11 Jun 2012 12:14:55 +0200 - Processing complete successfully
PLEASE REFER TO ATTACHED FILE FOR DETAILED INFORMATION.
Shipment status may also be obtained from our Internet site in USA under http://track.dhl-usa.com or Globally under http://www.dhl.com/track
Please do not reply to this email. This is an automated application used only for sending proactive notifications
Thanks in advance,
DHL Express International Inc.
Attached to each email is a ZIP file, containing the malware. The attached filename can vary, but takes the formDHL_International_Delivery_Details-[random code].zip