
Malware spreading via fallacious message sent on behalf of DHL


In recent days, a malware distribution campaign using the DHL brand as cover has started spreading via e-mail. The original message states that DHL has a problem delivering a parcel because the shipping address is wrong. The recipient of the notification is instructed to print an address label, attached to the mail as a .zip file, and to use it to pick up his or her parcel from the post office.

DHL Message Malware

However, the message is not from DHL, and the claim that the delivery of a parcel failed due to an address error is untrue. There is no parcel; the message is just a trick designed to fool recipients into downloading the attachment.

Instead of an address label, users receive Trojan.Downloader.Bredolab.CJ, a new breed of a Trojan very popular in malware distribution campaigns that employ delivery company names. Once installed on the system, this new version is able to download and install other e-threats, such as keyloggers, password stealers and rogue antivirus (e.g. PC Antispyware 2010).

DHL Virus

Data provided by BitDefender’s Real-Time Virus Reporting System shows an impressive spread of Trojan.Downloader.Bredolab.CJ on the 15th of January 2010, the most affected countries being the United States, Germany and France.

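| Country name   | Infected systems % | Infected files % |
|----------------|--------------------|------------------|
| United States  | 18.62              | 19.09            |
| Germany        | 12.23              | 10.61            |
| France         | 10.64              | 8.48             |
| Spain          | 9.57               | 8.79             |
| United Kingdom | 4.79               | 5.76             |
| Australia      | 3.72               | 8.18             |
| India          | 3.19               | 2.12             |
| Switzerland    | 3.19               | 5.76             |
| Portugal       | 2.66               | 3.94             |
| Mexico         | 2.13               | 1.21             |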

Unfortunately, this upward trend continues: until the 18th of January, the total number of infected systems grew by nearly 50% in Germany, by almost 200% in Australia and by just about 20% in the United Kingdom.

It is expected that this kind of campaign, fraudulently using very well-known shipping brands (like UPS, DHL, or US Postal Service), will continue and even rise this year. The social engineering behind it proves to be efficient: whether the user really uses the real company’s services and is expecting a package, or thinks that somebody sent him or her a gift, or is just curious to see the details within the attachment, the result is the same: open the file to take a look inside and ultimately… get infected.

In order to stay safe, BitDefender recommends that you never open attachments coming from unknown contacts, and that you install and keep updated a complete antimalware software solution.

About the author

Sabina DATCU

Sabina Datcu, PhD, has background training in Applied Informatics and Statistics, Biology and Foreign Languages and Literatures. In 2003 she obtained a master's degree in Systems Ecology and in 2009 a PhD degree in Applied Informatics and Statistics.
Since 2001, she was involved in University of Bucharest's FP5 and FP6 European projects, as a researcher in the Information and Knowledge Management field.

In 2009, she joined the E-Threat Analysis and Communication Team at BitDefender as a technology writer and researcher, and started to write a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases.