Archive for October, 2009

DHL Print Label – MALWARE

Tuesday, October 27th, 2009

I recently received the following email:


The courier company was not able to deliver your parcel by your address.
Cause: Error in shipping address. 

You may pickup the parcel at our post office personaly!

Please attention!
The shipping label is attached to this e-mail.
Print this label to get this package at our post office.

Please do not reply to this e-mail, it is an unmonitored mailbox.

Thank you,
DHL Global Forwarding Services.

There is a file attached, do not open or run this file as it contains malware.

ThreatExpert behavioral analysis:

Anubis behavioral analysis:

See the Web of Trust (WOT) and MalwareURL reports for mmsfoundsystem .ru, a domain to which this malware phones home, and a related domain:

– 3Monkeys