The current wave of Trojans is bearing ever more interesting fruit. New in the range: the attachment is a PDF instead of the usual .ZIP archive.

The point of this little mutation: a PDF is meant to give the recipient a feeling of security.

pdf1

PDF = virus free?

A PDF document is widely considered to be virus-free and therefore trustworthy. It is precisely this assumption that is exploited here. The entire PDF looks something like the image below, but may vary.

pdf5

Sometimes there is an “ebay” logo in the document, sometimes there is a DHL logo at this point or there is no logo at all. The respective headings of the emails can also be slightly different, but the content tends to be the same.

Postal shipment for your order 14472227084
Announcement – shipment 43716375737

The attached PDF itself is basically free of malware; that must be made clear. What is exploited here is only the advance trust that comes from this false sense of security. After opening the file, the classic image of the DHL Trojan appears:

pdf2

Adobe Reader opened the file properly and you can find an old friend as the content:

Dear customers,
we are reporting on the shipment 003994756218. This shipment was successfully handed over to DHL.
Delivery is expected on Thursday, May 7th, between 3:00 p.m. and 8:30 p.m. Current status of your DHL shipment is available here.
Best regards, your DHL

Now here is the trick

The link to the malware is not written in the email, as is usually the case, but is packaged in a document that is classified as trustworthy. This makes it extremely difficult for a spam filter to identify this email as spam due to a dubious link.
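A mail filter can close this gap by pulling link targets out of PDF attachments and passing them to the same URL checks it applies to the message body. The following is an added example, not code from the original article; the sample mail, its file name and the `.invalid` URLs are constructed, and it only handles literal-string `/URI` actions in plain or Flate-compressed, unencrypted PDFs:

```python
import re
import zlib
from email import message_from_bytes
from email.message import EmailMessage

# /URI (http://...) literal string inside a link annotation's action dictionary
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\()])*)\)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)

def pdf_link_targets(pdf: bytes) -> list[str]:
    """Return URI targets of link actions, also looking inside Flate streams."""
    chunks = [pdf]
    for m in STREAM_RE.finditer(pdf):
        try:
            # decompressobj tolerates the end-of-line bytes before "endstream"
            chunks.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate data; the raw bytes were already searched above
    found = []
    for chunk in chunks:
        for m in URI_RE.finditer(chunk):
            # undo backslash escapes such as \( \) and \\ in the PDF string
            raw = re.sub(rb"\\(.)", rb"\1", m.group(1), flags=re.DOTALL)
            url = raw.decode("latin-1")
            if url not in found:
                found.append(url)
    return found

def attachment_links(raw_mail: bytes) -> dict[str, list[str]]:
    """Map each PDF attachment's file name to the link targets it contains."""
    result = {}
    for part in message_from_bytes(raw_mail).walk():
        payload = part.get_payload(decode=True)  # None for multipart containers
        if payload and payload.lstrip().startswith(b"%PDF-"):
            result[part.get_filename() or "(unnamed)"] = pdf_link_targets(payload)
    return result

def constructed_sample() -> bytes:
    """Constructed mail: PDF-like attachment with one plain and one compressed link."""
    hidden = zlib.compress(b"<< /S /URI /URI (http://zip.example.invalid/b\\(1\\).zip) >>")
    pdf = (b"%PDF-1.5\n1 0 obj << /Type /Annot /Subtype /Link "
           b"/A << /S /URI /URI (http://tracking.example.invalid/a) >> >> endobj\n"
           b"2 0 obj << /Filter /FlateDecode >>\nstream\n" + hidden + b"\nendstream endobj\n%%EOF\n")
    mail = EmailMessage()
    mail["Subject"] = "Postal shipment for your order"
    mail.set_content("See attachment.")
    mail.add_attachment(pdf, maintype="application", subtype="pdf", filename="shipment.pdf")
    return mail.as_bytes()
```

The extracted URLs can then go through the reputation and file-type checks the filter already uses for links in the e-mail text.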

Adobe Reader warns

pdf3

The reader clearly indicates that you are switching to a location on the Internet. Please also pay attention to the settings at this point, as you select a permanent setting by checking the box.

In this case, the link leads directly to a file, which is then downloaded.

pdf4

This file is now the .zip file with malicious content. Please do not open it and especially do not execute the file contents!

Fell into the trap?

1) Anyone who opens or has opened the file attachment and has also executed the content (this is the critical point!) should first have their PC scanned by their virus scanner.

2) Change all passwords to social networks, online shops, etc.

As a precaution, please also notify your bank or credit card company.

Your email account sends these emails itself?

If you get tons of error messages saying that your emails have not reached the recipient (and this every minute), then your computer is infected and active in a botnet. Here, too, check the PC immediately and, if necessary, consult a local expert.

Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic.
2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication.