Spam warning

Guest

Post by Guest » Thu Aug 12, 2010 8:40 am

The following e-mail arrived at my computer in spite of many security measures (double firewall, antivirus and more).
DHL is a well-known courier service in Holland and we didn't receive an alarm from our system.
The next morning we did receive a warning from our Norman - Sandbox that a trojan was discovered and removed.
This is the mail:
-----Original message-----
From: DHL Manager William Mccollum [mailto:customer.manager@dhl.com]
Sent: Wednesday 11 August 2010 12:27
To: XXXXXXXXXXX
Subject: DHL Tracking NR 7029958335

Dear customer.

We were not able to deliver your package to your address.
However you can get your parcel in your local post office.

Attention!
The post label is attached to this e-mail.
We kindly ask you to print it and take it to the post office to pick up the package.

Thank you!

-----------------------------------------------------------------------

Take care, all of you!

Guest

Post by Guest » Thu Aug 12, 2010 9:09 am

This is nothing new. They have been sending fake DHL, Amazon and other e-mails like this for a long time with trojan downloaders attached. These are aimed at companies as many employees will simply open them due to high volumes of outgoing deliveries in order to keep track of orders sent.

www.issviews.com for views and news of the state of digital security. Add your comments/feedback on your existing security software to help others choose what's right for them and what isn't. Read up on the latest rogue software and threats too.

TheAnon
Posts: 720
Joined: Tue Oct 06, 2009 2:07 pm

Post by TheAnon » Thu Aug 12, 2010 9:12 am

Did you google for UPS SPAM? That was the first spamming issue probably of the same source. Now they just changed the name to DHL to have a bigger customer base in Europe.

Edit1:
You answered quicker than me ISS :D
__________________________________________________________________
Platinum-Member of WOT-Community

Kraftwerk
Posts: 7981
Joined: Thu Nov 05, 2009 12:30 pm

spam

Post by Kraftwerk » Thu Aug 12, 2010 9:39 am

I think it's not spam only. More important here is the trojan.

Blueberry Cake Level Member of the WOT Community

Dutch Mountain
Posts: 2801
Joined: Wed May 12, 2010 5:20 pm

Thanks guys!

Post by Dutch Mountain » Thu Aug 12, 2010 2:18 pm

After the trojan came several times a large screen of "Windows Malware Doctor" with the warning of infection.
Duuh: I already knew. To clean that we had to register there, but I dropped that to trash.
It kept coming back, so I shut down and started the system again to do a System scan.
During that scan (in the background) a hacker tried to take over the system.
We've immediately shut down our whole network and we will clean/repair this afternoon.

BTW I heard from someone else that he also received the same mail.
But he's on an iMac, so it doesn't harm him.

Anyway, this is nasty, be careful all of you!

"Wotting" below sea level, safe (?) behind a "Dutch mountain", to create a better internet.

Dutch Mountain
Posts: 2801
Joined: Wed May 12, 2010 5:20 pm

Additional info

Post by Dutch Mountain » Thu Aug 12, 2010 2:24 pm

I've had a phone call from DHL that the problem is known to them and occurs worldwide.
Their security team is fighting that, but it's tough 'cause it's widely spread out in their system.
The spam mails appear at random at some of their customers with intervals in between.
It doesn't spread further with the use of your address book, luckily.

No one knows if it's connected to the use of their site, but that's unlikely. I didn't use their site lately.
So IMO it's no use to rate them down on their site.

The trouble comes from Vietnam, it's a "company" who wants to earn $40 with fixing a problem they created themselves.
But there's no guarantee that it will happen over and over again once you are a victim in their database.

Anyway: We are clean and have the system running again.

c۞g
Posts: 21225
Joined: Mon Jan 05, 2009 4:02 am

@ Celex

Post by c۞g » Thu Aug 12, 2010 5:45 pm

The email body text is useless...
can you post the original email's headers?
Knowing the source is helpful.

-------
WOT Services Ltd. - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
- G7W

Guest

Post by Guest » Fri Aug 13, 2010 12:06 am

@Dante v3.11

Hehe :D

Reminds me, the missus had a fake AOL account issue sent from some idiot in Brazil! The email looked genuine to her but she called me as there was doubt and a good thing too as it was clearly spam and probably loaded with some form of browser hijacker too. Thank god, this saved me some time sorting her PC out :D

Guest

Confusing

Post by Guest » Fri Aug 13, 2010 6:51 am

Hi G7W: In the OP I mentioned the whole e-mail. The words "original message" make it somewhat confusing, but I only pressed FW to be able to copy the whole mail in one. Didn't really forward the mail to someone.
There isn't more than this in the text, the only thing I didn't mention was the zip file in the att.
It has the title "DHL_label_nr.145.zip", but if you open this nothing appears on the screen.
Of course this is the trojan you mentioned earlier.
I shouldn't know how to transfer that zip file to this thread and I also don't want to because of the risk of spreading this out.
I can forward the mail to you, if you want that.
In that case leave a message with your e-mail address on the contact page of my site www.celosia.eu
That is covered and doesn't unfold your mail address in this forum.
BUT!! It's your own choice and risk to handle that mail. I can only respect and secure your privacy, I won't store your mail address and remove it directly after forwarding to you. But I'm not responsible for the contents of the mail.

peterbosch - "Wotting" below sea level, safe (?) behind a "Dutch mountain", to create a better internet.

Jazspeak
Posts: 7295
Joined: Fri Oct 17, 2008 4:20 pm

@ Celex

Post by Jazspeak » Fri Aug 13, 2010 8:45 am

I think that g7w is asking for the e-mail headers, which should give information about the source of the e-mail and how many 'hops' the e-mail might have taken to reach your system. Depending on which e-mail client software you are using, the headers can be found in the Properties dialogue for the e-mail and/or in the backtrace facility called "Message Source" under one of the menus.

-----------------------------

~Music is not just for the Masses~
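
What the headers requested above reveal when read programmatically, as an added example that is not part of any post in this thread: it walks the `Received` chain oldest hop first and compares the claimed `From` domain with the originating relay and the `Return-Path`. The sample headers are constructed (reserved example hosts and documentation IP ranges; only the From and Subject lines are copied from the e-mail quoted in the first post), and the function names are hypothetical.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample. Hosts and IPs are reserved documentation values;
# only From and Subject are copied from the e-mail quoted in the first post.
RAW = """\
Return-Path: <bounce@bulk-sender.example>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mail.recipient.example with ESMTP id A1; Wed, 11 Aug 2010 12:27:40 +0200
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id B2; Wed, 11 Aug 2010 12:27:31 +0200
Received: from unknown-pc (dsl-host.example.net [203.0.113.45])
\tby relay.isp.example with SMTP id C3; Wed, 11 Aug 2010 12:27:05 +0200
From: DHL Manager William Mccollum <customer.manager@dhl.com>
Subject: DHL Tracking NR 7029958335

(body omitted)
"""

# "from HELO (rdns [ip]) by receiving-host"; rdns may be absent.
HOP_RE = re.compile(
    r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def hops(msg):
    """Return relay hops oldest first as (helo, rdns, ip, received_by)."""
    found = []
    for value in reversed(msg.get_all("Received", [])):  # newest is on top
        m = HOP_RE.search(" ".join(str(value).split()))  # undo header folding
        if m:
            found.append(m.groups())
    return found

def domain_of(header_value):
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()

def analyse(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    path = hops(msg)
    _helo, rdns, ip, _by = path[0] if path else (None, None, None, None)
    from_dom = domain_of(msg.get("From", ""))
    rdns = (rdns or "").lower()
    in_dom = bool(from_dom) and (rdns == from_dom or rdns.endswith("." + from_dom))
    return {"hop_count": len(path), "origin_ip": ip, "from_domain": from_dom,
            "origin_in_from_domain": in_dom,
            "return_path_matches_from":
                domain_of(msg.get("Return-Path", "")) == from_dom}
```

`Received` lines written before the message reached the recipient's own mail servers can be forged by the sender, so only the hops recorded by servers you trust are reliable evidence of the path.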
