Filed Under: ALERTS

Malware spreading via fallacious message sent on behalf of DHL

20 January 2010

You’ve got a Trojan in your Inbox! Over the last few days, a malware distribution campaign using the DHL brand as cover has started spreading through e-mail. The message states that DHL has a problem delivering a parcel because the shipping address is wrong. The recipient is told to print an address label, attached to the mail as a .zip file, and to use it to pick up his or her parcel from the post office.


However, the message is not from DHL, and the claim that the delivery of a parcel failed due to an address error is untrue. There is no parcel; the message is just a trick designed to fool recipients into downloading the attachment.

Instead of an address label, users receive Trojan.Downloader.Bredolab.CJ, a new variant of a Trojan that is very popular in malware distribution campaigns abusing delivery company names. Once installed on the system, this new version is able to download and install other e-threats, such as keyloggers, password stealers and rogue antivirus (e.g. PC Antispyware 2010).


Data provided by BitDefender's Real-Time Virus Reporting System shows that Trojan.Downloader.Bredolab.CJ was spreading at an impressive rate on the 15th of January 2010, the most affected countries being the United States, Germany and France.

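| Country name   | Infected systems % | Infected files % |
|----------------|--------------------|------------------|
| United States  | 18.62              | 19.09            |
| Germany        | 12.23              | 10.61            |
| France         | 10.64              | 8.48             |
| Spain          | 9.57               | 8.79             |
| United Kingdom | 4.79               | 5.76             |
| Australia      | 3.72               | 8.18             |
| India          | 3.19               | 2.12             |
| Switzerland    | 3.19               | 5.76             |
| Portugal       | 2.66               | 3.94             |
| Mexico         | 2.13               | 1.21             |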

Unfortunately, this upward trend continues: by the 18th of January, the total number of infected systems had grown by nearly 50% in Germany, by almost 200% in Australia and by just about 20% in the United Kingdom.

Campaigns of this kind, which fraudulently use very well-known shipping brands (like UPS, DHL, or US Postal Service), are expected to continue and even to increase this year. The social engineering behind them proves to be effective, whether the user really uses the real company's services and is expecting a package, or thinks that somebody has sent him or her a gift, or is just curious to see the details within the attachment. In all cases, the result is the same: open the file to take a look inside and ultimately... get infected.

In order to stay safe, BitDefender recommends that you never open attachments coming from unknown contacts and that you install and keep updated a complete antimalware software solution.
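A mail-filter style check for the lure described above (shipping brand in the sender name or subject, sender outside the brand's domain, .zip attachment), as an added example that is not BitDefender's code. The legitimate domains, the executable extensions and the sample message are assumptions constructed for illustration.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Brands named in the article; the legitimate sender domains are assumptions.
BRANDS = {"dhl": "dhl.com", "ups": "ups.com", "us postal service": "usps.com"}
# Assumption: the archive hides a Windows executable (the article only says ".zip").
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def zip_executables(msg):
    """Names of executable-looking members inside any .zip attachment."""
    hits = []
    for part in msg.iter_attachments():
        if not (part.get_filename() or "").lower().endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True) or b"")) as zf:
                hits += [n for n in zf.namelist() if n.lower().endswith(EXEC_EXT)]
        except zipfile.BadZipFile:
            hits.append("<unreadable archive>")  # an archive we cannot inspect is not cleared
    return hits

def assess(raw):
    """Flag mail that names a shipping brand, comes from another domain and zips an executable."""
    msg = message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    text = f"{display} {msg['Subject'] or ''}".lower()
    brands = [b for b in BRANDS if re.search(rf"\b{re.escape(b)}\b", text)]
    spoofed = [b for b in brands
               if domain != BRANDS[b] and not domain.endswith("." + BRANDS[b])]
    execs = zip_executables(msg)
    return {"brands": brands, "spoofed": spoofed, "executables": execs,
            "suspicious": bool(spoofed and execs)}

def sample(from_hdr, member):
    """Constructed message: one harmless placeholder file inside a zip attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not malware")
    m = EmailMessage()
    m["From"], m["To"] = from_hdr, "user@example.org"
    m["Subject"] = "DHL: delivery problem, wrong shipping address"
    m.set_content("Please print the attached address label.")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                     filename="DHL_label.zip")
    return m.as_bytes()
```

Only a message that meets all three conditions is marked suspicious; the individual findings are returned as well so they can be scored or logged separately.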




Sabina Datcu, PhD has background training in Applied Informatics and Statistics, Biology and Foreign Languages and Literatures. In 2003 she obtained a master's degree in Systems Ecology and in 2009 a PhD degree in Applied Informatics and Statistics.

Comments:

Cat said on Jan-21-2010 08:23

Also happening with UPS.
