Express shipping spam delivers info-stealing trojan

“Online criminals have spammed out a large number of messages, claiming to come from DHL Express International, that are designed to install malware onto the computers of unsuspecting PC users,” said Sophos Security senior technology consultant Graham Cluley, writing in the Naked Security blog.

The mail looks legit: the attackers have forged the email headers. And the message tells the recipient that processing has been completed successfully, and to “refer to attached report for full details.”

Attached to the emails is a ZIP file, containing malware. The filename of the ZIP file can vary, but takes the form “DHL,” where the Xs are a random code, Cluley said.

The malware, Troj/BredoZp-S, is a nasty trojan horse that can corrupt a Windows-based system, stealing personal data like user name, passwords, account details and other confidential data. It also changes the desktop background of a system and can offer remote control to attackers.

The technique is not new, but it’s remarkably effective, and therefore keeps cropping up. Last fall, FireEye put out a report that identified the social engineering keywords that cybercriminals most often use to lure people into opening email-based cyber attacks. The winner? Shipping.

The firm noted that cybercriminals use a variety of techniques to create a sense of urgency and trick unsuspecting recipients into downloading malicious files. Express shipping terms, including words like “DHL,” “UPS,” and “delivery,” are included in about one quarter of the email-based attacks used to evade traditional IT security defenses.

It’s also a wide-net approach: millions of people send packages via FedEx, DHL and UPS every day, raising the odds that the message would land in a sympathetic mailbox.

“Time and time again we have seen cybercriminals using the disguise of shipping companies like DHL and FedEx to spread their malware attacks and hijack the computers of the unwary,” Cluley said. “Your best protection is to not just run an up-to-date anti-virus, but also to live and breathe computer security in your everyday life.”

He added, “How do you do that? Well, you can start by learning to never open attachments in unsolicited emails – however tempted you might be.”
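
The combination described above, shipping-themed wording plus a ZIP attachment, can be checked for at a mail gateway. The following Python is an added example, not code from the article, Sophos or FireEye; the extension list, verdict names, addresses, attachment filename and the sample message are assumptions constructed for illustration.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Lure words and brands named in the article (FireEye's express shipping category).
LURE = re.compile(r"\b(dhl|ups|fedex|delivery)\b", re.I)
# Assumption: member extensions treated as executable payloads.
RISKY_EXTS = (".exe", ".scr", ".pif", ".com")

def triage(raw: bytes) -> dict:
    """Score one RFC 5322 message; the verdict names are hypothetical."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg['From']} {msg['Subject']} {body.get_content() if body else ''}"
    lures = sorted({m.lower() for m in LURE.findall(text)})
    zips, risky = [], []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        zips.append(part.get_filename() or "(unnamed)")
        # Read the archive directory only; nothing is extracted or executed.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            risky += [n for n in zf.namelist() if n.lower().endswith(RISKY_EXTS)]
    if lures and risky:
        verdict = "quarantine"   # shipping lure + executable inside the ZIP
    elif lures and zips:
        verdict = "review"       # shipping lure + ZIP, contents not obviously risky
    else:
        verdict = "pass"
    return {"lures": lures, "zips": zips, "risky": risky, "verdict": verdict}

def build_sample(member: str = "report.exe") -> bytes:
    """Constructed message modelled on the article's description (not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed placeholder, not an executable")
    msg = EmailMessage()
    msg["From"] = "DHL Express International <reports@example.com>"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Tracking notification"
    msg.set_content("Processing has been completed successfully. "
                    "Refer to attached report for full details.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="sample-report.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

Because the attackers forge the email headers, the check keys on the message wording and the attachment contents rather than on the sender address being genuine.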
