New DHL trojan variant in the wild
August 17, 2009
MX Lab has intercepted messages with the subject line “DHL Delivery problem NR ****”, where **** stands for randomly generated characters, probably meant to look like a tracking number for the package. The From address contains randomly chosen spoofed email addresses with no connection to DHL.
The body of the email:
Dear customer!
We failed to deliver the postal package sent on the 28th of June in time
because the recipient’s address is erroneous.
Please print out the invoice copy attached and collect the package at our office.
Your DHL Delivery Services.
The email has a ZIP file attached whose name starts with the letter “D” followed by randomly generated characters, for example D1c8020fd.zip. It contains the trojan detected as W32/Troj_Obfusc.J.gen!Eldorado (F-Prot), TrojanDownloader:Win32/Bredolab.X (Microsoft) and Mal/Behav-340 (Sophos).
Only 8 of the 41 AV engines at VirusTotal detected the trojan at the time we investigated this new threat, so be careful: it is likely that your AV engine isn’t up to date yet.
VirusTotal permalink and MD5: e9a23f7e7850257398b2021b927f706b.
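As an added example (not part of the original MX Lab post), the indicators described above (subject pattern, non-DHL sender, body wording, D+random.zip attachment name and the reported MD5) can be turned into a simple mail-gateway check. The sample message is constructed here with a dummy ZIP payload, so it matches every indicator except the known hash.

```python
import email
import hashlib
import re
from email import policy
from email.message import EmailMessage

# MD5 reported in the post for the attached trojan (taken from the page).
KNOWN_BAD_MD5 = "e9a23f7e7850257398b2021b927f706b"

# Subject and attachment-name patterns described in the post.
SUBJECT_RE = re.compile(r"^DHL Delivery problem NR \S+", re.IGNORECASE)
ATTACHMENT_RE = re.compile(r"^D[0-9a-z]+\.zip$", re.IGNORECASE)
BODY_MARKER = "collect the package at our office"
SCORED = ("subject_match", "from_not_dhl", "body_match", "zip_name_match")


def analyse_message(raw: bytes) -> dict:
    """Return which indicators from the post a raw RFC 822 message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_addr = str(msg.get("From", ""))
    findings = {
        "subject_match": bool(SUBJECT_RE.match(str(msg.get("Subject", "")))),
        "from_not_dhl": "dhl" not in from_addr.lower(),  # spoofed senders never reference DHL
        "body_match": False,
        "zip_name_match": False,
        "known_bad_hash": False,
    }
    for part in msg.walk():
        name = part.get_filename()
        if part.get_content_type() == "text/plain" and not name:
            findings["body_match"] |= BODY_MARKER in part.get_content()
        elif name and ATTACHMENT_RE.match(name):
            findings["zip_name_match"] = True
            digest = hashlib.md5(part.get_payload(decode=True)).hexdigest()
            findings["known_bad_hash"] = digest == KNOWN_BAD_MD5
    findings["score"] = sum(findings[k] for k in SCORED)  # 0..4 weak indicators
    return findings


def build_sample() -> bytes:
    """Constructed test message mimicking the campaign; the ZIP bytes are a dummy, not malware."""
    msg = EmailMessage()
    msg["Subject"] = "DHL Delivery problem NR 4821XQ"
    msg["From"] = "randomuser@example.net"  # hypothetical spoofed sender
    msg["To"] = "victim@example.com"
    msg.set_content("Dear customer!\nWe failed to deliver the postal package.\n"
                    "Please print out the invoice copy attached and collect the package at our office.")
    msg.add_attachment(b"PK\x03\x04dummy", maintype="application", subtype="zip",
                       filename="D1c8020fd.zip")
    return bytes(msg)
```

A score of 4 plus a hash match identifies this exact sample; a high score without the hash match is the case to quarantine, since the post notes that most AV engines missed the file at the time.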
