Thursday, March 10, 2011
Sample filename: document.zip => DHL_notification.exe
Sample message: "Dear customer. The parcel was send your home address. And it will arrice within 7 bussness day. More information and the tracking number are attached in document below. Thank you. 2011 DHL International GmbH. All rights reserverd" - notice the typo.
DHL_notification.exe - Trojan-Spy.Win32.SpyEyes - Result: 27/43 (62.8%)
MD5: bda72e57d263241d52b1fe2ef014cba9
SHA1: fa9dc14b100f1bf5124cd23c322c109b38a70675
Upon execution, the sample phones back to:
elsoplongt.com/rk`,jopbh/qwq - Email: firstname.lastname@example.org
lulango.com/rk`,jopbh/qwq - Email: email@example.com
erherg34gsafwe.com/xgate.php - AS49469, Email: firstname.lastname@example.org
Domains responding to:
This post has been reproduced from Dancho Danchev's blog.
Posted by Dancho Danchev at Thursday, March 10, 2011