Fake DHL delivery notification carries info-stealer Trojan

Malware peddlers have once again started a spam run that consists of emails purportedly sent by DHL.

They spoofed the sender information, making it look like the email was sent from “DHL Express International Support”, and the subject line says that it’s a “DHL Express Notification for shipment for 26 Oct 2011,” says MX Lab.

Apart from the usual (legitimate) information about the company, the email contains a request not to reply to the email as it is used by an automated application and an invite to open the attached file for more details about the shipment.

When unzipped, the attached file reveals an executable – DHL-Delivery-Notification-Message-102611.exe.

Users are advised to be on the lookout for this spam email and to delete it without opening, because the attached executable seems to be a Zbot Trojan variant that is currently detected only by a few AV solutions.

It is also good to know that the date in the subject line will probably be changed if the campaign continues for a few days, so slight variations of the email can be expected.
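
Because the date is expected to change, a mail-filter check should key on the structure of the message (a ZIP attachment holding an executable) rather than on the exact subject or file name. The following is an added example, not code from MX Lab or the original article; the ZIP file name, the sender address, the extension list and the generalised subject pattern are assumptions, and the sample message is constructed.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Extensions Windows runs directly (assumed list). Matching on these, not on the
# dated file name, keeps the check valid when the campaign changes the date.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
# Subject from the article with the date generalised (assumption).
SUBJECT_RE = re.compile(r"DHL Express Notification for shipment for \d{1,2} \w{3} \d{4}", re.I)


def executable_members(zip_bytes):
    """Return names of executable files inside a ZIP archive."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXTS)]
    except zipfile.BadZipFile:
        return []  # not a readable ZIP; nothing to report


def inspect_message(raw):
    """Return (subject_matches, [executables found in ZIP attachments])."""
    msg = message_from_bytes(raw)
    hits = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip"):
            hits += executable_members(part.get_payload(decode=True) or b"")
    return bool(SUBJECT_RE.search(msg.get("Subject", ""))), hits


def build_sample(subject_date="26 Oct 2011", member="DHL-Delivery-Notification-Message-102611.exe"):
    """Constructed sample message; the 'executable' is two harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"MZ")
    msg = EmailMessage()
    msg["From"] = "DHL Express International Support <support@example.invalid>"
    msg["Subject"] = f"DHL Express Notification for shipment for {subject_date}"
    msg.set_content("Please open the attached file for more details.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="DHL-notification.zip")  # constructed name
    return msg.as_bytes()


if __name__ == "__main__":
    print(inspect_message(build_sample()))
```

The attachment check is the stronger signal of the two: it still fires when the subject wording changes, while the subject pattern alone would also match any legitimate notification that used the same phrasing.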