Malware spreading via fallacious message sent on behalf of DHL

Last days, a malware distribution
campaign using DHL brand as coverage started spreading through e-mails. The
original message states that DHL has a problem in delivering a parcel, because
the shipping address is wrong. In this case, the recipient of the notification is
guided to print an address label, attached to the mail as a .zip file and,
using it, to pick up his or her parcel from the post office.

However,
the message is not from DHL and the claim that the delivery of a parcel failed
due to an address error is untrue. There is no parcel, the message being just a
trick designed to fool recipients into downloading the attachment.

Instead of an address label, the
users receive Trojan.Downloader.Bredolab.CJ,
a new breed of a Trojan very popular in malware
distribution campaigns employing delivery company names. Once installed onto the system, this new version is able to
download and install other e-threats, such as keyloggers, password stealers and
rogue antivirus (e.g. PC Antispyware 2010).

Data provided by BitDefender’s Real-Time Virus
Reporting System
shows an impressive spreading of Trojan.Downloader.Bredolab.CJ,
on the 15^th of January 2010, the most affected countries being United States, Germany
and France.

Country name	Infected systems %	Infected files %
United States	18.62	19.09
Germany	12.23	10.61
France	10.64	8.48
Spain	9.57	8.79
United Kingdom	4.79	5.76
Australia	3.72	8.18
India	3.19	2.12
Switzerland	3.19	5.76
Portugal	2.66	3.94
Mexico	2.13	1.21

Unfortunately, this increasing
trend continues to keep up: until the 18^th of January, in Germany, the total number of infected systems
grew for nearly 50%, in Australia,
with almost 200% and in United
Kingdom with just about 20%.

It is expected that
this kind of campaigns, fraudulently using very well known shipping brands
(like UPS, DHL, or US Postal Service) to continue and even to rise this year.
The social engineering behind proves to be efficient: whether the user really employs
the real-company’s services and he or she is expecting a package, or one thinks
that somebody sent him/her a gift, or someone is just curios to see the details
within the attachment. In all cases, the result is the same: open the file to
take a look inside and ultimately… get infected.

In order to stay safe, BitDefender recommends you to never open the attachments
coming from unknown contacts as well as to install and update a complete
antimalware software solution.