A new spam campaign is using fake DHL tracking notifications to deliver malware.
The emails inform the recipient of a shipment that’s on the way to them and to check the attachment for details. In this zip file, there are two pieces of malware: Mal/BredoZp-B and Mal/Zbot-FV. Zbot, also known as the infamous Zeus. Both are linked to botnets and designed to steal online banking info, login credentials and other personal information. The name of the attachment is different in each message, which helps keep the spam from being caught by filtering software.
While this type of spam has been around for a while, and has brandjacked FedEx, UPS and the US Postal Service as well, there is one very noticeable difference about this particular campaign. The emails are written in perfect English. No typos or grammar errors. That’s pretty unusual as most of these scams are carried out by overseas cybercriminals with very poor English skills. The broken English and bad spelling was an easy giveaway that the message was fake. With that red flag removed, it’s possible more people will fall for it and have their computers infected, because sadly, even though it’s common knowledge that you should never open an attachment from anyone you don’t know and be careful with ones you do know, people still ignore the danger and do it anyway. Their curiosity gets the better of them and that’s exactly what cybercriminals and spammers hope for.
For the record, DHL never sends out tracking information as an attachment.