
March 22, 2009

Phony DHL Invoice Malware Delivery

Here is the text of a fake message claiming to come from DHL, the international package delivery company:

Subject: DHL Tracking number #W46JA79872R0U24


We were not able to deliver postal package you sent on the 14th of March in time because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office.

Your personal manager: Simone Gallegos,
Customer Service: 1-800-CALL-DHL
Fax: 888-221-6211
DHL International, Ltd. All Rights Reserved.

The goal, of course, is to get you to open the attached file named DHL_DOC.zip. A quick test through VirusTotal shows that a mere 7% of tested antivirus products immediately identify the file as malicious.

Before you think that no one could fall for something like this, consider that as I sit here, I am, indeed, awaiting delivery of a parcel from Germany that will arrive at my post office, but that is carried part of the way via DHL (and Deutsche Post). True, I didn't send the parcel (as this message relates), but when your brain sees things that it recognizes, it may fill in blanks the wrong way. In any case, there are a gazillion clues in the email message's header that this announcement is bogus, but not every recipient of this malware lure will be as perspicacious when it comes to suspecting email messages.

As I said the other day, treat all incoming email as suspicious until you can confirm otherwise. And by "confirm," I don't mean double-click attachments to see what happens.
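One way to "confirm" without double-clicking anything, as an added example that is not part of the original post: parse the message, compare the sender domains in the header, and list the zip's member names without extracting them. The sample message, its addresses, the archive member name, and the function names are all constructed assumptions; the post does not say which header clues it saw or what DHL_DOC.zip contained.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk")

def domain(addr_header):
    """Return the lower-cased domain of an address header, or ''."""
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()

def triage(raw_bytes, claimed_domain):
    """Inspect a message without executing anything; return a list of findings."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    from_dom, path_dom = domain(msg["From"]), domain(msg["Return-Path"])
    if from_dom != claimed_domain:
        findings.append(f"From domain {from_dom!r} is not {claimed_domain!r}")
    if path_dom and path_dom != from_dom:
        findings.append(f"Return-Path domain {path_dom!r} differs from From")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        data = part.get_payload(decode=True)
        try:
            members = zipfile.ZipFile(io.BytesIO(data)).namelist()  # list only
        except zipfile.BadZipFile:
            findings.append(f"{name}: not a readable zip archive")
            continue
        for member in members:
            if member.lower().endswith(RISKY_EXT):
                findings.append(f"{name} contains executable {member!r}")
    return findings

def build_sample():
    """Constructed sample lure; all addresses and the archive member are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("DHL_DOC.exe", b"placeholder bytes, not real malware")
    m = EmailMessage()
    m["From"] = "DHL Services <support@dhl-example.invalid>"
    m["Return-Path"] = "<bounce@mailer.example.invalid>"
    m["Subject"] = "DHL Tracking number #W46JA79872R0U24"
    m.set_content("Please print out the invoice copy attached.")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename="DHL_DOC.zip")
    return m.as_bytes()
```

Calling `triage(build_sample(), "dhl.com")` returns three findings for the constructed sample: the From domain mismatch, the Return-Path mismatch, and the executable inside the archive.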

Posted on March 22, 2009 at 04:25 PM