TOKYO (MacHouse) – An organized cyber criminal circulated a spam message a while ago. It is similar to the one involving UPS that we first reported at the beginning of the month. This time, it involves DHL. The message is titled “DHL Delivery Problem NR.76933.” The sender is shown as firstname.lastname@example.org, though that is not the actual one. The body of the spam message reads:
Unfortunately we were not able to deliver postal package you have sent on the 4th of March in time
because the recipient’s address is incorrect.
Please print out the invoice copy attached and collect the package at our office.
DHL Services. (See Screenshot 01.)
Screenshot 01 – Source:
As shown in Screenshot 01, the spam message comes with a ZIP attachment. This attachment appears to contain an executable program, which is likely to be a piece of malware, just as in the earlier case.
A quick look at the source of the spam message suggests that it was circulated through a server run by a county in Wyoming. The cyber criminal seems to have somehow gained access to Natrona County’s mail server (mail2.natronacounty-wy.gov). At the time of writing this report, Natrona County’s website was not accessible.
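The two checks described above (reading the relay out of the message source and looking inside the ZIP without opening it) can be scripted. The following is an added example, not part of the original report; the sample message is constructed, and its IP address, date, receiving host and file names are assumptions.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")

def build_sample():
    """Constructed message: spoofed From, one relay hop, ZIP holding a dummy .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("invoice.exe", b"constructed placeholder bytes, not a program")
    msg = EmailMessage()
    # Relay hostname is the one named in the article; the IP and date are constructed.
    msg["Received"] = ("from mail2.natronacounty-wy.gov (mail2.natronacounty-wy.gov "
                       "[192.0.2.10]) by mx.recipient.example with ESMTP; "
                       "Thu, 01 Jan 2026 00:00:00 +0000")
    msg["From"] = "DHL Services <firstname.lastname@example.org>"
    msg["Subject"] = "DHL Delivery Problem NR.76933"
    msg.set_content("Please print out the invoice copy attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()

def analyze(raw):
    msg = message_from_bytes(raw, policy=policy.default)
    from_domain = msg["From"].addresses[0].domain.lower()
    # Each hop prepends a Received header; only the ones written by servers
    # you control are trustworthy, earlier ones can be forged by the sender.
    relays = [m.group(1).lower() for h in msg.get_all("Received", [])
              if (m := re.match(r"\s*from\s+(\S+)", str(h)))]
    off_domain = [r for r in relays
                  if r != from_domain and not r.endswith("." + from_domain)]
    executables = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                # List member names only; nothing is extracted or run.
                executables += [n for n in z.namelist()
                                if n.lower().endswith(EXEC_EXT)]
    return {"from_domain": from_domain, "relays": relays,
            "relays_off_from_domain": off_domain,
            "executables_in_zip": executables}

if __name__ == "__main__":
    for key, value in analyze(build_sample()).items():
        print(f"{key}: {value}")
```

A relay whose hostname does not belong to the displayed sender's domain, combined with an executable inside the archive, is the pattern this report describes.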