Malware peddlers have once again started a spam run that consists of emails purportedly sent by DHL.
They spoofed the sender information, making it look like the email was sent from” “DHL Express International Support
Apart from the usual (legitimate) information about the company, the email contains a request not to reply to the email as it is used by an automated application and an invite to open the attached file for more details about the shipment:
When unzipped, the attached file revels an executable – DHL-Delivery-Notification-Message-102611.exe.
Users are advised to be on the lookout for this spam email and to delete it without opening, because the attached executable seems to be a Zbot Trojan variant that is currently detected only by a few AV solutions.
It is also good to known that the date in the subject line will probably be changed if the campaign continues for a few days, so slight variations of the email can be expected.