[real-eyes] Sloppy spelling scuppers DHL malware spam attack

  • From: Steven Clark <kcpadfoot@xxxxxxxxx>
  • To: real-eyes@xxxxxxxxxxxxx
  • Date: Tue, 08 Mar 2011 09:13:04 -0600

The following is from:
http://www.securitybloggersnetwork.com/

Sloppy spelling scuppers DHL malware spam attack
by NAKED SECURITY - SOPHOS on 2011-03-08 in SBN
Thank heavens for the poor education of cybercriminals!
If they had paid more attention to spelling and grammar at school (rather than mugging younger kids for their dinner money and inflicting Chinese burns behind the bicycle sheds) then maybe some of their scams would be harder to spot.
Take this malware campaign that we are seeing being spammed out right now, for instance.
DHL malicious spam
Subject: DHL notification
Message body:
Dear customer.
The parcel was send your home address.
And it will arrice within 7 bussness day.
More information and the tracking number
are attached in document below.
Thank you.
2011 DHL International GmbH. All rights reserverd.
The email doesn't really come from DHL, of course. This is just the latest in a long line of instances where cybercriminals have distributed malware attacks posing as communications from a delivery firm such as UPS or FedEx.
But take a closer look. There are 37 words in the body of that message, four of which are spelt incorrectly. That's an almost 11% failure rate!
If the spelling mistakes and lack of professionalism weren't enough to get your security sixth sense jangling, then hopefully your anti-virus would have identified that the attached DHL_document.zip file contains malware.
Sophos products detect the ZIP file proactively as Mal/BredoZp-B, and its Trojan horse contents as Troj/Agent-QQG.
I, for one, vote against improving the grammar and spelling of cybercriminals. We can't rely on every malicious hacker being a poor communicator, but it certainly can help the general public identify when a message should be treated with suspicion.