Bredolab trojan keeps on using DHL tracking emails to infect systems

MX Lab keeps on intercepting Bredolab variants where the DHL tracking story is present in the email.

The From address is shown as "Manager Reinaldo Pelletier". The name of the person is chosen randomly and can be any combination of first and last name. The subject of the email is “DHL Express Services. Please get your parcel NR.37888”. The email contains the attachment DHL_Delivery_Label_089d97c.zip with DHL_Delivery_Label_089d97c.exe. Be aware that the numbers in the filenames and subject can change randomly.

The body of the email:

Dear customer!

The courier company was not able to deliver your parcel by your address.
Cause: Error in shipping address.

You may pickup the parcel at our post office personaly!

Please attention!
The shipping label is attached to this e-mail.
Print this label to get this package at our post office.

Thank you for attention.
DHL Services.

At the time of writing, only 14 of the 41 AV engines detected the virus. VirusTotal permalink and MD5: 7e4fd271218525ea87787edd4443ffae.


Written on Wednesday, 21 October 2009 12:42 by GSO
