Mx Lab spotted A Spam mail with the subject “DHL Delivery Notification Message 5SE1M4FDO07A6DKVL” – the combination of letters and numbers may change .
The email is send from the spoofed address “DHL Express <noreply@dhl.com>”
This Spam mail has a Zip File attachment with the name "Delivery–Tracking–Notification–DHL–EXPRESS–0ZZICVEE.zip". The zip file contains the 203 kB large file Delivery_Tracking_Notification-nov2011_DHL-EXPRESS-INTERNATIONAL.exe.
McAfee detect it as PWS-Zbot.gen.hb (McAfee) and Sophos detect it as Troj/Bredo-MM .
The Spam Mail:
The email is send from the spoofed address “DHL Express <noreply@dhl.com>”
This Spam mail has a Zip File attachment with the name "Delivery–Tracking–Notification–DHL–EXPRESS–0ZZICVEE.zip". The zip file contains the 203 kB large file Delivery_Tracking_Notification-nov2011_DHL-EXPRESS-INTERNATIONAL.exe.
McAfee detect it as PWS-Zbot.gen.hb (McAfee) and Sophos detect it as Troj/Bredo-MM .
The Spam Mail:
DHL Express Tracking Notification: Wed, 30 Nov 2011 01:16:39 +0200
Custom. Reference: TF2APLTEGGQAN 65290
P. Tracking Number: 4830615 NM7WEPS48CR5L
Pickup Date: Wed, 30 Nov 2011 01:16:39 +0200
Service: SEA
Pieces: 2
Wed, 30 Nov 2011 01:16:39 +0200 – Processing complete
PLEASE REFER TO ATTACHED FILE FOR DETAILED INFORMATION.
Shipment status may also be obtained from our Internet site in USA under http://track.dhl-usa.com or Globally under http://www.dhl.com/track
Please do not reply to this email. This is an automated application used only for sending proactive notifications
Thanks,
DHL Express International.