Archive for October, 2009

DHL Print Label – MALWARE

Tuesday, October 27th, 2009

I recently received the following email:

Hello!

The courier company was not able to deliver your parcel by your address.
Cause: Error in shipping address. 

You may pickup the parcel at our post office personaly!

Please attention!
The shipping label is attached to this e-mail.
Print this label to get this package at our post office.

Please do not reply to this e-mail, it is an unmonitored mailbox.

Thank you,
DHL Global Forwarding Services.

There is a file attached DHL_print_label_cef3e.zip, do not open or run this file as it contains malware.

ThreatExpert behavioral analysis:
http://www.threatexpert.com/report.aspx?md5=8960322225b6a842bad87a285f028f5f

Anubis behavioral analysis:
http://anubis.iseclab.org/?action=result&task_id=1eddf69e4a1adce8441a785cef6c52879

See the Web of Trust (WOT) and MalwareURL reports for mmsfoundsystem .ru, a domain to which this malware phones home, and a related domain:

http://www.mywot.com/en/scorecard/mmsfoundsystem.ru
http://www.malwareurl.com/listing.php?domain=mmsfoundsystem.ru

http://www.mywot.com/en/scorecard/mmmserver.ru
http://www.malwareurl.com/listing.php?domain=mmmserver.ru

– 3Monkeys