Researchers at internet security firm SonicWALL warned Thursday of a new outbreak of trojan-laden spam claiming to come from shipping company DHL. The emails tell the recipients that the company has been unable to deliver a package and advises them to print out the ZIP file attachment. The message claims that the attachment is an invoice copy, but it actually is the data-stealing Buzus trojan disguised as a Microsoft Help or Word document. SonicWALL, in a blog post, said it has received 1,700 copies of the fraudulent email since Sunday. -DK
One campaign posed as an HR department mandating vaccine information, another leveraged an XSS flaw to disguise a malicious download, and a third leveraged Verizon's Vzwpix service to mass-distribute emails.