New Bredolab variant in email regarding DHL parcel delivery problems

MX Lab started to intercept new variants of Bredolab in emails regarding DHL parcel delivery problems. The emails comes from the spoofed address Manager Youg Steward <parcel@dhl-usa.com> (name is choosen randomly).
The body of the email:
Dear customer!
The courier company was not able to deliver your parcel by your address.
Cause: Error in shipping address.
You may pickup the [...]

December 7, 2009
Categories: Viruses . Tags: , , , , . Author: mxlab . Comments: 1 Comment

DHL Tracking Number 3YMH6JJY contains trojan

MX Lab intercepted a large amount of emails with the subject “DHL Tracking Number 3YMH6JJY” containing the trojan TrojanDownloader:Win32/Cutwail.gen!C (Microsoft), Trojan.Kobka.E (GData), AVG (SHeur2.BQSN() or Troj/Agent-LQA (Sophos).
The contents of the email:
Dear customer!
The courier company was not able to deliver your parcel by your address.
You may pickup the parcel at our post office personaly.
The shipping label is [...]

November 10, 2009
Categories: Viruses . Tags: , , , . Author: mxlab . Comments: 22 Comments

New DHL trojan variant in the wild

MX Lab has intercepted messages with the subject line “DHL Delivery problem NR ****”, where **** stands for random generated characters, probably to give the idea that these are tracking numbers of the package. The From address contains randomly choosen spoofed email addresses but no direct track to DHL.
The body of the email:
Dear customer!
We failed [...]

August 17, 2009
Categories: Viruses . Tags: , , , , . Author: mxlab . Comments: Leave a Comment

New variant W32/Trojan3.AKD attached with the DHL tracking email message

A new trojan variant is attached to the malicious DHL tracking emails. The trojan is known as W32/Trojan3.AKD and the attached zip file name is changed to dhl_n756512.zip.
The content of the email remains mostly unchanged:
Hello!
We were not able to deliver postal package you sent on the 14th of March in time because the recipient’s address is not correct.
Please [...]

March 27, 2009
Categories: Viruses . Tags: , , . Author: mxlab . Comments: 6 Comments

Email with DHL tracking number contains W32/Trojan3.AKC trojan

MX Lab intercepted a  few messages that claim that the delivery of the postal package that is handled by DHL has failed due to an incorrect recipient address.
The subject contains “DHL Tracking number #05CME637072VHBD”, the attachment is named DHL_HELP.zip and the body of the email contains the following message:
Hello!
We were not able to deliver postal package [...]

March 26, 2009
Categories: Viruses . Tags: , , , , . Author: mxlab . Comments: 21 Comments