MX Lab started to intercept a new trojan distribution campaign by email with the subject “DHL Service. Error in delivery addres number 452” (the number at the end may vary).
The email is sent from the spoofed address “DHL Global Mail <email@example.com>” and has the following body:
We were not able to deliver your package to your address.
Reason: Error in delivery address.
Get your parcel in your local post office.
The postal label is attached to this e-mail.
We kindly ask you to print it and take it to the post office to pick up the package.
DHL Customer Service.
The attached zip file has the name DHL_Print_Label_ID4114.zip and contains the 36 kB file DHL_Print_Label_ID4114.exe.
The trojan is known as Win32:Trojan-gen (Avast), Trojan-Downloader:W32/Oficla.HR (F-Secure), TrojanDropper:Win32/Oficla.T (Microsoft), Trojan-Dropper/W32.Agent.36864.GH (Norman).
VirusTotal permalink and MD5: 9ffc6994a66be0d8667550a0e9ed80ea.
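A mail-gateway check for the attachment pattern described above (a zip that carries an .exe), as an added example that is not part of the original MX Lab post. The function names, the extension list and the sample message are assumptions constructed for illustration; the sample archive holds placeholder bytes, not the malware.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions treated as directly executable on Windows (illustrative, not exhaustive).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def executables_in_zip_attachments(raw_message: bytes) -> list[tuple[str, str, int]]:
    """Return (zip name, member name, uncompressed size) for each executable
    inside a zip attachment. Only the archive directory is read; nothing is extracted."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Trust the content, not the attachment name: require a real zip structure.
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            for info in zf.infolist():
                # Matching on the final extension also catches names like label.pdf.exe.
                if info.filename.lower().endswith(EXECUTABLE_EXTS):
                    hits.append((name, info.filename, info.file_size))
    return hits


def build_sample_message(member_name: str = "DHL_Print_Label_ID4114.exe") -> bytes:
    """Constructed sample using the names from the advisory and harmless placeholder content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder, not a real binary")
    msg = EmailMessage()
    msg["From"] = "DHL Global Mail <email@example.com>"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "DHL Service. Error in delivery addres number 452"
    msg.set_content("The postal label is attached to this e-mail.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="DHL_Print_Label_ID4114.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for zip_name, member, size in executables_in_zip_attachments(build_sample_message()):
        print(f"quarantine: {zip_name} contains {member} ({size} bytes)")
```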