UPS malware now sent via DHL!

For the 3rd day running we are seeing vast quantities of email-attached malware. Today the spoofed sender was DHL, with subjects like “DHL Express Service”. The emails included standard text such as:

Dear customer.

The parcel was sent your home address.

And it will arrive within 3 business day.

More information and the tracking number are attached in document below.

Thank you.

© 1994-2011 DHL Express Services, Inc.

In their desperation to push out more malware today, the senders seem to have overlooked the required filename change – the “DHL.zip” files are now carrying … UPS.exe (as distributed in the last 2 days).
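A mail-gateway check for the slip described above, as an added example that is not part of the original post: it flags zip attachments that hold executables, and member names that mention a courier brand absent from the sender, subject and archive name. The extension list, the brand list and the sample message are constructed assumptions.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com")  # assumed blocklist
BRANDS = {"dhl", "ups", "fedex"}  # assumed courier names to compare

def brands_in(text):
    """Courier brand names appearing as whole words in text."""
    return set(re.findall(r"[a-z]+", str(text).lower())) & BRANDS

def inspect_message(raw_bytes):
    """Return (attachment, reason) findings for zip attachments in a raw email."""
    msg = message_from_bytes(raw_bytes)
    claimed = brands_in(msg.get("From", "")) | brands_in(msg.get("Subject", ""))
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name or not name.lower().endswith(".zip"):
            continue
        try:
            payload = part.get_payload(decode=True) or b""
            members = zipfile.ZipFile(io.BytesIO(payload)).namelist()
        except zipfile.BadZipFile:
            findings.append((name, "unreadable archive"))
            continue
        for member in members:
            if member.lower().endswith(EXECUTABLE_EXTS):
                findings.append((name, f"executable member: {member}"))
            # Lure reuse: the member names a courier the mail never mentions.
            if brands_in(member) - brands_in(name) - claimed:
                findings.append((name, f"brand mismatch: {member}"))
    return findings

def build_sample():
    """Constructed sample: DHL-themed mail, DHL.zip holding a harmless UPS.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("UPS.exe", b"placeholder bytes, not a program")
    msg = EmailMessage()
    msg["From"] = "DHL Express <noreply@example.com>"
    msg["Subject"] = "DHL Express Service"
    msg.set_content("Dear customer.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="DHL.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(inspect_message(build_sample()))
```

The executable-member finding alone is enough to quarantine; the brand mismatch is a secondary signal that ties a run to an earlier campaign's payload.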

There is a clear push to build a large number of infected computers – maybe an attempted botnet rebuild following the demise of Rustock in mid-March? The graph below shows the malware portions of daily email (orange line), with large daily outbreaks clearly visible.