March 22, 2009
Phony DHL Invoice Malware Delivery
Here is the text of a fake message claiming to come from DHL, the international package delivery company:
Subject: DHL Tracking number #W46JA79872R0U24
We were not able to deliver postal package you sent on the 14th of March in time because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office.
Your personal manager: Simone Gallegos,
Customer Service: 1-800-CALL-DHL
DHL International, Ltd. All Rights Reserved.
The goal, of course, is to get you to open the attached file named DHL_DOC.zip. A quick test through VirusTotal shows that a mere 7% of tested antivirus products immediately identify the file as malicious.
Before you think that no one could fall for something like this, consider that as I sit here, I am, indeed, awaiting delivery of a parcel from Germany that will arrive at my post office, but that is carried part of the way via DHL (and Deutsche Post). True, I didn't send the parcel (as this message relates), but when your brain sees things that it recognizes, it may fill in blanks the wrong way. In any case, there are a gazillion clues in the email message's header that this announcement is bogus, but not every recipient of this malware lure will be as perspicacious when it comes to suspecting email messages.
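A sketch of how a mail filter could flag a lure of this shape automatically. This is an added example, not code from the original post: the sample headers are constructed (the post does not reproduce the real ones), and the brand-to-domain table and the three heuristics are assumptions chosen for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample message: the real headers are not shown in the post.
# Only the subject line and attachment name are taken from it.
SAMPLE = b"""\
Return-Path: <bounce@mailer.example.org>
From: "DHL Customer Service" <support@parcel-notice.example.net>
Subject: DHL Tracking number #W46JA79872R0U24
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please print out the invoice copy attached.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="DHL_DOC.zip"

(payload omitted in this constructed sample)
--b1--
"""

BRANDS = {"dhl": ("dhl.com", "dhl.de")}  # assumption: domains the brand sends from
ARCHIVE_EXT = (".zip", ".rar", ".7z")

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header value."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def triage(raw, brands=BRANDS):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings, from_dom = [], domain_of(msg["From"])
    rp_dom = domain_of(msg["Return-Path"])
    claimed = f'{parseaddr(msg["From"] or "")[0]} {msg["Subject"] or ""}'.lower()
    for brand, doms in brands.items():
        ok = any(from_dom == d or from_dom.endswith("." + d) for d in doms)
        if brand in claimed and not ok:  # names the brand, sent from elsewhere
            findings.append(f"brand-mismatch:{brand}:{from_dom}")
    # Weak signal on its own: legitimate bulk senders also use a separate bounce domain.
    if rp_dom and from_dom and rp_dom != from_dom:
        findings.append(f"envelope-mismatch:{rp_dom}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(ARCHIVE_EXT):  # unsolicited archive attachment
            findings.append(f"archive-attachment:{name}")
    return findings

print(triage(SAMPLE))
```

No single finding proves a message is malicious; the combination of a brand claim, an unrelated sending domain and an archive attachment is what justifies quarantining it for review.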
As I said the other day, treat all incoming email as suspicious until you can confirm otherwise. And by "confirm," I don't mean double-click attachments to see what happens.
Posted on March 22, 2009 at 04:25 PM