MX Lab started to intercept a new trojan distribution campaign by email with the subject “DHL Service. Error in delivery addres number 452” – the number at the end may vary.
The email is sent from the spoofed address “DHL Global Mail <services.id8852@dhl.com>” and has the following body:
Dear customer.
We were not able to deliver your package to your address.
Reason: Error in delivery address.
Please attention!
Get your parcel in your local post office.
The postal label is attached to this e-mail.
We kindly ask you to print it and take it to the post office to pick up the package.
Thank you!
DHL Customer Service.
The attached ZIP file is named DHL_Print_Label_ID4114.zip and contains the 36 kB file DHL_Print_Label_ID4114.exe.
The trojan is known as Win32:Trojan-gen (Avast), Trojan-Downloader:W32/Oficla.HR (F-Secure), TrojanDropper:Win32/Oficla.T (Microsoft), Trojan-Dropper/W32.Agent.36864.GH (Norman).
VirusTotal permalink and MD5: 9ffc6994a66be0d8667550a0e9ed80ea.
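A mail-filter check for the indicators described above, as an added example that is not MX Lab's own code. The subject regex, the extension list, the size limit and the names `scan_message` and `build_sample` are assumptions; the sample message is constructed and its .exe member is a harmless placeholder.

```python
import hashlib, io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators from the post; the regex and extension list are assumptions.
SUBJECT_RE = re.compile(r"DHL Service\. Error in delivery addres number \d+")
KNOWN_MD5 = {"9ffc6994a66be0d8667550a0e9ed80ea"}
EXEC_EXT = (".exe", ".scr", ".pif", ".com")
MAX_MEMBER = 10 * 1024 * 1024  # do not inflate members above 10 MiB

def scan_message(raw: bytes) -> dict:
    """Report which campaign indicators appear in one raw e-mail message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = {"subject_match": bool(SUBJECT_RE.search(str(msg["Subject"] or ""))),
            "exe_in_zip": [], "md5_match": []}
    for part in msg.iter_attachments():
        if not (part.get_filename() or "").lower().endswith(".zip"):
            continue
        try:
            archive = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True)))
        except zipfile.BadZipFile:
            continue  # named .zip but not a ZIP archive
        for info in archive.infolist():
            if not info.filename.lower().endswith(EXEC_EXT):
                continue
            hits["exe_in_zip"].append(info.filename)
            encrypted = info.flag_bits & 0x1
            if encrypted or info.file_size > MAX_MEMBER:
                continue  # not hashed; the executable name alone is a hit
            if hashlib.md5(archive.read(info)).hexdigest() in KNOWN_MD5:
                hits["md5_match"].append(info.filename)
    return hits

def build_sample() -> bytes:
    """Constructed message shaped like the one in the post (placeholder payload)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("DHL_Print_Label_ID4114.exe", b"MZ constructed placeholder")
    m = EmailMessage()
    m["From"] = "DHL Global Mail <services.id8852@dhl.com>"
    m["To"] = "user@example.com"
    m["Subject"] = "DHL Service. Error in delivery addres number 452"
    m.set_content("Dear customer.")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                     filename="DHL_Print_Label_ID4114.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

The executable-inside-ZIP check is the durable signal here: the subject number and the file hash change between variants, so a message can be flagged on `exe_in_zip` even when `md5_match` is empty.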
Posted on 04 September 2010.