DHL Online Advisory emails contain new trojan variant


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign, similar to the "DHL Online Shipping Prealert Advisory" campaign we started intercepting yesterday, spread by email with the subject "DHL Online Advisory AWB 830533211".

The email is sent from the spoofed address "webadm@dhl.com" and has the following body:

DHL WORLDWIDE EXPRESS
INBOUND SHIPMENT ADVISORY

The following 1piece(s) have been sent via DHL Worldwide Express on Tue, 31 Jul 2012 14:48:05 +0200
via AWB# 405814829

If you wish to track this(these) shipment(s) please contact your local
DHL customer service office or visit the DHL Web Site at
http://www.dhl.com

If you have a Web-enabled mail reader, click the link below to view shipment tracking
details:

http://www.dhl.co.uk/content/gb/en/express/tracking.shtml?brand=DHL&AWB=368015876

SHIPMENT CONTENTS:
Documents

SHIPPER REFERENCE: PLEASE REFER TO ATTACHED FILE

ADDITIONAL MESSAGE FROM SHIPPER: PLEASE REFER TO ATTACHED FILE

Thank you for requesting DHL Worldwide Express for your delivery needs

The attached ZIP file has the name DHL-Online-Notification_awb134201201.zip and contains the 56 kB file DHL-Online-Notification.exe.

The trojan is known as W32/Trojan3.DXB, W32/Kryptik.AB!tr, PWS-Zbot.gen.yl or Mal/Katusha-F.

At the time of writing, only 6 of the 41 AV engines at VirusTotal detected the trojan.

VirusTotal permalink and SHA256 of the executable: 198553f2ebd76b921309a85f77266c40d9c5445bc1058ea12ef624195b193a9d.
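The pattern described above (a ZIP attachment that wraps an executable, sent from a spoofed sender, with a hash that only a handful of engines flag) is exactly what a mail gateway or incident responder can check for locally instead of waiting for signatures. The script below is an added example and is not MX Lab's code: it parses a raw message, unpacks any ZIP attachment in memory, flags entries that have an executable extension or an MZ header, and compares the SHA256 of the attachment and of each ZIP entry against the hash reported in this post. The message it analyses is constructed inline with the sender, subject and file names from the post; the executable inside it is a harmless placeholder starting with the bytes "MZ", so its hash will not match the real sample.

```python
import email
import hashlib
import io
import zipfile
from email import policy
from email.message import EmailMessage

# The only indicator on the page: SHA256 of DHL-Online-Notification.exe as reported on VirusTotal.
KNOWN_BAD_SHA256 = {
    "198553f2ebd76b921309a85f77266c40d9c5445bc1058ea12ef624195b193a9d",
}

# Extensions that Windows will execute directly when double-clicked from an archive.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")


def inspect_zip(zip_bytes):
    """Return one dict per ZIP entry: name, size, SHA256 and two executable indicators."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            data = zf.read(info)
            findings.append({
                "name": info.filename,
                "size": info.file_size,
                "sha256": hashlib.sha256(data).hexdigest(),
                "exec_extension": info.filename.lower().endswith(EXECUTABLE_EXTENSIONS),
                "mz_header": data[:2] == b"MZ",  # DOS/PE stub, regardless of the name used
            })
    return findings


def inspect_message(raw_bytes):
    """Parse a raw RFC 5322 message and hash/unpack every attachment."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    report = {"from": str(msg["From"]), "subject": str(msg["Subject"]), "attachments": []}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        entry = {
            "filename": part.get_filename() or "",
            "sha256": hashlib.sha256(payload).hexdigest(),
            "zip_entries": [],
        }
        if zipfile.is_zipfile(io.BytesIO(payload)):
            entry["zip_entries"] = inspect_zip(payload)
        report["attachments"].append(entry)
    return report


def verdict(report):
    """List the reasons a message should be quarantined; an empty list means nothing was found."""
    reasons = []
    for att in report["attachments"]:
        if att["sha256"] in KNOWN_BAD_SHA256:
            reasons.append(f"known-bad attachment hash: {att['filename']}")
        for entry in att["zip_entries"]:
            if entry["sha256"] in KNOWN_BAD_SHA256:
                reasons.append(f"known-bad file inside ZIP: {entry['name']}")
            if entry["exec_extension"] or entry["mz_header"]:
                reasons.append(f"executable inside ZIP: {entry['name']} ({entry['size']} bytes)")
    return reasons


def build_sample_message():
    """Constructed sample reproducing the campaign's layout; the .exe is a harmless MZ placeholder."""
    zip_buf = io.BytesIO()
    with zipfile.ZipFile(zip_buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("DHL-Online-Notification.exe", b"MZ" + b"\x00" * 62 + b"placeholder, not a real PE")
    msg = EmailMessage()
    msg["From"] = "webadm@dhl.com"          # spoofed sender from the post
    msg["To"] = "recipient@example.com"     # assumed recipient
    msg["Subject"] = "DHL Online Advisory AWB 830533211"
    msg.set_content("SHIPPER REFERENCE: PLEASE REFER TO ATTACHED FILE")
    msg.add_attachment(zip_buf.getvalue(), maintype="application", subtype="zip",
                       filename="DHL-Online-Notification_awb134201201.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    rep = inspect_message(build_sample_message())
    print(rep["from"], "|", rep["subject"])
    for reason in verdict(rep):
        print("QUARANTINE:", reason)
```

The hash comparison catches this exact sample once its SHA256 is known, but the structural check (an executable inside a ZIP from a shipping notification) is what would have caught it on day one, when 35 of the 41 engines still missed it. On a real gateway, feed `inspect_message` the raw bytes of each incoming message and treat a non-empty `verdict` as grounds to quarantine.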

3 thoughts on "DHL Online Advisory emails contain new trojan variant"

  1. Annoyingly I am expecting a parcel from DHL! If you click on the e-mail, don't be surprised if you get more of them; I have got three more already in a couple of hours. That's a certain sign it is a fake. I don't know what they are after, if anything, since I didn't proceed any further. Why can't these people use their talents for something constructive? What a bunch of A***holes.

  2. Don, these A***holes are just as likely to be the American or Chinese governments. The morons think that the entire world is a battleground and now they’re f***ing up the internet too.

    They call it “win-win” because the viruses screw up other countries and at the same time American companies spend billions on anti-virus which is a great economic stimulus.
