New Attack Disguised as DHL Parcel Delivery Notice

Some malware attacks are exceedingly clever and innovative, while others just rely on tried and true techniques that are fairly reliable no matter how much users are told to avoid them. AppRiver is reporting a new threat that falls into this latter category–a fake DHL shipping receipt designed with a malicious file attachment.

DHL is not as recognizable in the United States as FedEx, or UPS, or plain old US Post Office shipping, but it is still an easily identified brand. On a global scale, DHL is better known, and there is a fair chance–although not significantly high–that any random e-mail recipient may have either shipped something with DHL, or may be expecting a shipment from DHL, and those are the users that are most likely to fall victim to this ploy.

The target audience for the particular threat identified by AppRiver is further limited by the fact that the malicious spam portion is in Spanish. According to an AppRiver blog post the message translates roughly to, “Due to an error in the shipping direction, we were unable to deliver your package. It can be picked up at the post office, but first you must print the postal label attached to this email.”

Clicking on the file attachment results in opening a compressed folder. The victim then must open the folder and execute the malicious file it contains in order for the attack to work. Sounds convoluted, but you’d be surprised how effective it can be. Years of malware scams have proven that there are more than enough gullible users on the Internet–gullible users who speak Spanish and are expecting a DHL shipment.

With the recent focus on the Zeus Trojan, the scourge of botnets, and the rise in Java attacks, it’s easy to forget that rudimentary attacks like this work just fine as well. Rogue antivirus products are another effective method of propagating malware that are being used effectively in recent malware attacks.

Let’s recap the common sense approach to avoiding malware attacks like this fake DHL shipping notification. A) If you don’t speak Spanish, just delete it. B) If you do speak Spanish, but you aren’t expecting a DHL shipment, just delete it. C) If you speak Spanish, and you’re expecting a DHL shipment, think for a second about the poorly written message and whether or not DHL would actually send such a thing. D) Remind yourself that no reputable company will send you an email with a file attachment like this.

Bottom line–delete the e-mail. If you speak Spanish and you’re expecting a DHL shipment and you honestly feel it could be legitimate, delete the e-mail, then visit the DHL Web site or give it a call and check on the status of your package.