Deutsche Post email with attached ZIP file Postetikett contains trojan


MX Lab, http://www.mxlab.eu, has started intercepting a new trojan distribution campaign by email with the subject “Deutsche Post. Sie mussen eine Postsendung abholen”. This appears to be a variant of the DHL and UPS delivery-issue campaigns, now presented in German with Deutsche Post as the carrier.

The email is sent from the spoofed address “Deutsche Post <post@deutschepost.de>” and has the following body:

Lieber Kunde,

Es ist unserem Boten leider misslungen einen Postsendung an Ihre Adresse zuzustellen.
Grund: Ein Fehler in der Leiferanschrift.
Sie konnen Ihre Postsendung in unserer Postabteilung personlich kriegen.
Anbei finden Sie einen Postetikett.
Sie sollen dieses Postetikett drucken lassen, um Ihre Postsendung in der Postabteilung empfangen zu konnen.

Vielen Dank!
Deutsche Post AG.

The attached ZIP file is named Postetikett_DE43313.zip and contains the 40 kB file Postetikett.exe.

The trojan is known as W32/Yakes.B!tr (Fortinet) or a variant of Win32/Kryptik.LJ (NOD32).

At the time of writing, only 2 of the 44 AV engines detected the trojan at Virus Total.

Virus Total permalink and MD5: df6b8f76fc0b76eaea9b104be1e28a70.
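With so few engines detecting the sample, a structural check at the mail gateway is more dependable than a signature. The following is an added example, not MX Lab's code: it walks a raw message, opens any ZIP attachment in memory, reports executables inside it and compares hashes against the MD5 given above. The extension list, the size cap, the function names and the harmless sample message are assumptions made for the illustration.

```python
import hashlib
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# MD5 from this page; it does not say if it is the ZIP's or the EXE's, so both are checked.
KNOWN_MD5 = {"df6b8f76fc0b76eaea9b104be1e28a70"}
EXEC_EXT = (".exe", ".scr", ".pif", ".com")  # assumed list, adjust to local policy
MAX_MEMBER = 50 * 1024 * 1024  # assumed cap: never unpack very large members

def scan_message(raw: bytes) -> list:
    """Return one finding per executable found inside a ZIP attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also reaches ZIPs not marked as attachments
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        zip_md5 = hashlib.md5(data).hexdigest()
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.filename.lower().endswith(EXEC_EXT):
                    continue
                hashable = not info.flag_bits & 0x1 and info.file_size <= MAX_MEMBER
                member_md5 = hashlib.md5(zf.read(info)).hexdigest() if hashable else None
                findings.append({
                    "from": str(msg["From"]),
                    "attachment": part.get_filename(),
                    "member": info.filename,
                    "size": info.file_size,
                    "known_md5": bool({zip_md5, member_md5} & KNOWN_MD5),
                })
    return findings

def build_sample(member: str, content: bytes) -> bytes:
    """Constructed message shaped like the campaign, carrying harmless bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, content)
    m = EmailMessage()
    m["From"] = "Deutsche Post <post@deutschepost.de>"
    m.set_content("Lieber Kunde, ...")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                     filename="Postetikett_DE43313.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample("Postetikett.exe", b"MZ" + b"\0" * 64)))
```

A finding with `known_md5` set to false still warrants quarantine: an executable inside a ZIP attached to a delivery notice is the pattern, and the hash only confirms this particular sample.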

One Response to Deutsche Post email with attached ZIP file Postetikett contains trojan

  1. Cristian │Downloadfreepc says:

    Thanks for the comment on this virus alert. Prevention is the most important, as well as being informed about new attacks, to protect the safety of our equipment and software.
