Fake DHL Shipment Notification delivers malware

Yet another email pretending to be a DHL Shipment Notification, with the subject of Shipment Notification, pretending to come from DHL but actually coming from dhl@paperattention.com, with a malicious Word doc attachment delivers some sort of malware…

Fake DHL “Alert! Shipment Notification” delivers Remcos RAT

A bit of a strange one to start off today. The Word doc doesn’t want to run or run properly in most of the online sandboxes available to me. An email with the subject of “Alert! Shipment Notification” pretending to come from DHL but…

Fake delivery notification delivers some sort of keylogger, possibly Ramnit Banking Trojan

I have received something a bit weird and wonderful this Saturday morning. I can’t quite work out what malware it is supposed to deliver. I can’t get anything & Anyrun fails using a 32 bit VM. (a subsequent run using a W10 64 VM and se…

Fake FedEx USPS UPS delivery notifications continue to deliver Kovter and ransomware

The gangs spreading malware via the “cannot deliver your parcel notifications” or “check where your parcel is” spoofing FedEx, DHL, UPS, USPS etc. have changed delivery method. The emails are still very similar to the ones we are used to seeing with this sort of subject line:
USPS issue #06914074: unable to delivery parcel
Parcel #006514814 shipment problem, please review
USPS parcel #3150281 delivery problem

fake DHL Tracking Number for shipment malspam delivers ransomware

Continuing with the never ending series of malware downloaders is an email with the subject of DHL Tracking Number for shipment 97 93745 186 (random numbers) pretending to come from DHL Corporation with a link in email body to download a file that will deliver what looks like ransomware. I had a…

big changes in fedex fake delivery emails. Now using macros

An email with the subject of FedEx Parcel #262844740, Delivery Unsuccessful pretending to come from FedEx Customer Service <tamawuv52640888@soie.in> (random email addresses) with a malicious Word doc attachment delivers multiple malware. We are used to seeing these fake FedEx and other parcel delivery services emails, but they usually contain zip files and js…

fake parcel delivery services malspam with word doc attachment delivers ursnif banking Trojan

A slightly different one today and I am not sure how many recipients will be infected by this. On my server, some are being delivered with the Word doc attachment, but about half are just getting the email body with an HTML attachment which has the same details as the email body and…

More fake DHL Fwd: DHL Redelivery Confirmation malspam delivering ursnif banking trojan

Continuing with the never ending series of malware downloaders is an email with the subject of Fwd: DHL Redelivery Confirmation #574068024996 (random numbers) pretending to come from random companies, names and email addresses with a semi-random named zip attachment which delivers Ursnif banking Trojan. This is an updated version to this…

massive malspam campaign delivering Ursnif banking Trojan via js files

We have been seeing a massive malspam campaign today delivering Ursnif banking Trojan via js files inside zips. There have been numerous different subjects and campaign themes. I will detail some of them here:
Our reference: 733092244 pretending to come from Eli Murchison <Hughchaplin@yahoo.de>
Hotel booking confirmation (Id:022528) pretending to…