
DHL Express Notification with the Trojan PWS-Zbot.gen.cc

Posted: November 1, 2011

DHL Express Notification with the Trojan PWS-Zbot.gen.cc is a fake package delivery e-mail that distributes Trojan PWS-Zbot.gen.cc by claiming that the attached file is a delivery notice. Although the DHL Express Notification message looks reasonably legitimate, it has no connection with any real package delivery service or tracking company, and it should be deleted if found in your inbox. If you've installed Trojan PWS-Zbot.gen.cc by accident, SpywareRemove.com malware experts advise you to be aware of the risk of PWS-Zbot.gen.cc stealing your private information, including login data for banking websites, passwords, cached information and any data that's entered from your keyboard or visible on your monitor (via keylogging and screen captures). Since Trojans distributed by the DHL Express Notification scam are also known to infect normal system processes, it's strongly advised that you use an anti-malware application if you need to remove Trojan PWS-Zbot.gen.cc from your PC.

The Consequences of Downloading a DHL Express Notification's Favorite Trojan

DHL Express Notification PWS-Zbot.gen.cc scams are presented in the form of randomly-distributed e-mail documents that mimic delivery notifications from DHL (an international delivery company). However, unlike a genuine delivery notice, a DHL Express Notification with the Trojan PWS-Zbot.gen.cc attack will include a .zip file attachment that contains the Zbot Trojan. A complete sample of one currently-known DHL Express Notification message is shown below:

DHL Express Notification for shipment for 26 Oct 2011.

AWB Number: 0193112309848
Pickup Date: 2011-10-26 17:21:00
Service: P
Pieces: 1
Cust. Ref:

EVENT CATEGORY
26 Oct 11 08:15 AM – Clearance processing complete
PLEASE REFER TO ATTACHED FILE FOR DETAILED INFORMATION.

Shipment status may also be obtained from our Internet site in USA under http://track.dhl-usa[dot]com or globally under http://xxx.dhl[dot]com/track
Please do not reply to this email. This is an automated application used only for sending proactive notifications

DHL is Part of the World's Leading Logistics Group, Deutsche Post DHL
DHL offers integrated services and tailored, customer-focused solutions for managing and transporting letters, goods and information.
DHL: Four Divisions – One Brand – One Provider – All Your Solutions
DHL comprises four divisions. These segments operate under the control of their own divisional headquarters. The Group management functions are performed by the Corporate Center. We have centralized the internal services which support the entire Group, including Finance Operations, IT and Procurement. This consolidation enables us to increase the flexibility of our business, improve service quality and leverage economies of scale and cost benefits.
Customer Service Center at http://xxx.dhl[dot]com
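The lure has two fixed components, delivery-notice wording and a .zip attachment carrying an executable, so it can be triaged mechanically at the mail gateway. The script below is an added example and not part of the original article: it builds a constructed message modelled on the sample above (DHL-themed subject, an archive holding a stub named like an executable, not the real payload) and flags the combination of lure wording and an executable inside the archive. The helper names, the keyword list and the quarantine/pass verdicts are this example's own.

```python
"""Triage an e-mail for the DHL delivery-notice lure: brand or shipment wording
in the subject/body combined with a .zip attachment that carries an executable.
The sample message is constructed; the 'executable' inside is a stub."""
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from typing import List

# File extensions that have no business inside a "delivery notice" archive.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")
# Wording taken from the sample message; matched case-insensitively.
LURE_WORDS = re.compile(r"\b(dhl|express notification|shipment|awb|delivery)\b", re.I)


def build_sample_lure() -> bytes:
    """Constructed message modelled on the spam sample (not a captured e-mail)."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("DHL_Express_Notification.exe", b"MZ stub, not a real binary")
    msg = EmailMessage(policy=policy.default)
    msg["From"] = "noreply@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "DHL Express Notification for shipment for 26 Oct 2011."
    msg.set_content(
        "AWB Number: 0193112309848\n"
        "PLEASE REFER TO ATTACHED FILE FOR DETAILED INFORMATION.\n"
    )
    msg.add_attachment(archive.getvalue(), maintype="application", subtype="zip",
                       filename="DHL_Express_Notification.zip")
    return msg.as_bytes()


def build_benign_notice() -> bytes:
    """Constructed control message: delivery theme, but no attachment at all."""
    msg = EmailMessage(policy=policy.default)
    msg["From"] = "noreply@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "Your shipment has been delivered"
    msg.set_content("Track your parcel on the carrier's web site.\n")
    return msg.as_bytes()


def executables_in_zip(blob: bytes) -> List[str]:
    """Names inside a zip archive that end in an executable extension ([] if not a zip)."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXTENSIONS)]
    except zipfile.BadZipFile:
        return []


def triage_delivery_lure(raw: bytes) -> dict:
    """Return the indicators found plus a verdict: 'quarantine' when lure wording
    and an executable-bearing archive occur together, otherwise 'pass'."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    subject = str(msg["Subject"] or "")
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part is not None else ""
    findings = {
        "lure_wording": bool(LURE_WORDS.search(subject + " " + body)),
        "zip_attachments": [],
        "executables_in_zip": [],
    }
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_content()
        if isinstance(payload, str):          # text attachments come back as str
            payload = payload.encode("utf-8", "replace")
        # Check the magic bytes as well as the extension: renamed archives are common.
        if name.lower().endswith(".zip") or payload[:2] == b"PK":
            findings["zip_attachments"].append(name)
            findings["executables_in_zip"].extend(executables_in_zip(payload))
    suspicious = findings["lure_wording"] and bool(findings["executables_in_zip"])
    findings["verdict"] = "quarantine" if suspicious else "pass"
    return findings


if __name__ == "__main__":
    print(triage_delivery_lure(build_sample_lure()))
    print(triage_delivery_lure(build_benign_notice()))
```

The verdict deliberately requires both signals: shipment wording alone is what genuine carrier mail looks like, and an archive with an executable alone may be an internal software transfer, so each on its own is logged while the pairing is what gets held.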

If you attempt to launch the attached file, your PC will be infected by Trojan PWS-Zbot.gen.cc, an advanced backdoor Trojan and spyware program that's capable of initiating several types of attacks. SpywareRemove.com malware analysts have found that the most widely-used Trojan PWS-Zbot.gen.cc attacks include the following:

  • Infecting normal system processes like winlogon.exe and explorer.exe.
  • Infecting multiple drives, including network-shared locations and removable drives (such as USB devices).
  • Stealing port numbers, IP addresses, user names and passwords from FTP-management programs, including Total Commander, WinSCP, CoreFTP and FlashFXP.
  • Stealing passwords and other information from Internet Explorer cookies, cached data files, certificates and other sources. Trojan PWS-Zbot.gen.cc will try to extract login info for sites like Full Tilt Poker and Windows e-mail accounts.
  • Reducing the security of your web browsers, including Firefox and Internet Explorer, by setting many different security settings to zero.

What You Can Do to Put DHL Express Notification with the Trojan PWS-Zbot.gen.cc Back in Its Place

As long as you delete any DHL Express Notification spam e-mail messages, your computer should be in minimal danger of being infected by Trojan PWS-Zbot.gen.cc (which is also known as W32/Zbot and Win-Trojan/Obfuscated.Gen). Since the DHL Express Notification scam was observed in late October of 2011, keep your anti-malware software's definitions up to date so that it can identify and delete any DHL Express Notification Trojans.

If you are infected by PWS-Zbot.gen.cc, SpywareRemove.com malware analysts discourage trying to remove PWS-Zbot.gen.cc by yourself; this has a strong chance of failing or even damaging Windows. Run multiple scans in Safe Mode to make sure that your software has found all versions of PWS-Zbot.gen.cc, and scan your entire PC, including any removable drives. However, if you haven't interacted with the DHL Express Notification's file attachment, the e-mail itself can't do your PC any harm, although the message should still be deleted as a matter of course.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%USERPROFILE%\Start Menu\Programs\Startup\xavif.exe
    File type: Executable File
    Mime Type: unknown/exe

%USERPROFILE%\Start Menu\Programs\Startup\xywo.exe
    File type: Executable File
    Mime Type: unknown/exe

%USERPROFILE%\Start Menu\Programs\Startup\deyto.exe
    File type: Executable File
    Mime Type: unknown/exe

%SystemDrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup\efnimi.exe
    File type: Executable File
    Mime Type: unknown/exe

%USERPROFILE%\Start Menu\Programs\Startup\yginm.exe
    File type: Executable File
    Mime Type: unknown/exe

%USERPROFILE%\Start Menu\Programs\Startup\doeq.exe
    File type: Executable File
    Mime Type: unknown/exe

%WINDIR%\apppatch\blbhkda.dat
    File type: Data file
    Mime Type: unknown/dat

%WINDIR%\system32\sdra64.exe
    File type: Executable File
    Mime Type: unknown/exe

%USERPROFILE%\Start Menu\Programs\Startup\leny.exe
    File type: Executable File
    Mime Type: unknown/exe

%SystemDrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup\gaqaf.exe
    Mime Type: unknown/exe
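The paths above are fixed-location persistence indicators, so they can be checked mechanically against a file inventory. The script below is an added example, not the site's tutorial code: it expands the placeholders the listing uses, flags the two %WINDIR% drops by exact path and any executable placed directly in a Startup folder, and runs here over a constructed inventory. The placeholder expansions (a Documents and Settings layout), the tolerance for stray spaces after backslashes, and the helper names are this example's assumptions.

```python
"""Check file paths against the persistence locations listed above.
The inventory below is constructed; the scanner also accepts real paths
from a file listing. Helper names are this example's own."""
import os
import re
from typing import Iterable, List, Tuple

# Expand the listing's placeholders into one fixed layout so matching does not
# depend on how a path was recorded (assumed Documents and Settings layout).
PLACEHOLDERS = {
    "%USERPROFILE%": r"C:\Documents and Settings\User",
    "%SystemDrive%": "C:",
    "%WINDIR%": r"C:\WINDOWS",
}

EXE_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")

# Anything executable dropped directly into a per-user Startup folder.
STARTUP_EXE_RE = re.compile(
    r"\\start menu\\programs\\startup\\[^\\]+\.(exe|scr|com|pif|bat|cmd)$", re.I)

# Exact paths from the file-system modifications list, after placeholder expansion.
KNOWN_DROPS = {
    r"c:\windows\system32\sdra64.exe": "sdra64.exe listed among the files created",
    r"c:\windows\apppatch\blbhkda.dat": "blbhkda.dat listed among the files created",
}

# Constructed inventory: listed paths (some with the stray spaces that copy-paste
# or report exports introduce) plus two benign entries that must not be flagged.
SAMPLE_INVENTORY = [
    r"%USERPROFILE%\ Start Menu\ Programs\ Startup\ xavif.exe",
    r"%SystemDrive%\ Documents and Settings\ Administrator\ Start Menu\ Programs\ Startup\ efnimi.exe",
    r"%WINDIR%\ system32\ sdra64.exe",
    r"%WINDIR%\ apppatch\ blbhkda.dat",
    r"%USERPROFILE%\Start Menu\Programs\Startup\desktop.ini",
    r"%WINDIR%\system32\notepad.exe",
]


def normalize(path: str) -> str:
    """Collapse 'backslash + whitespace' artefacts, expand placeholders, lower-case."""
    path = re.sub(r"\\\s+", r"\\", path.strip())
    for token, value in PLACEHOLDERS.items():
        path = path.replace(token, value)
    return path.lower()


def scan_paths(paths: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (original_path, reason) for every path matching an indicator."""
    hits = []
    for original in paths:
        norm = normalize(original)
        if norm in KNOWN_DROPS:
            hits.append((original, KNOWN_DROPS[norm]))
        elif STARTUP_EXE_RE.search(norm):
            hits.append((original, "executable in a Startup folder (random-named autostart)"))
    return hits


def startup_folder_candidates() -> List[str]:
    """On a live Windows host, list executables in the current user's Startup
    folder (the layout from the listing and the newer AppData location).
    Returns [] on other systems; the result is a review list, not a verdict."""
    profile = os.environ.get("USERPROFILE")
    if not profile:
        return []
    folders = [
        os.path.join(profile, "Start Menu", "Programs", "Startup"),
        os.path.join(profile, "AppData", "Roaming", "Microsoft", "Windows",
                     "Start Menu", "Programs", "Startup"),
    ]
    found = []
    for folder in folders:
        if os.path.isdir(folder):
            found.extend(os.path.join(folder, f) for f in os.listdir(folder)
                         if f.lower().endswith(EXE_SUFFIXES))
    return found


if __name__ == "__main__":
    for path, reason in scan_paths(SAMPLE_INVENTORY):
        print(f"{path}\n    -> {reason}")
```

Startup-folder hits are a review list rather than a verdict: installers occasionally place shortcuts there, but the listing above shows randomly named .exe files dropped directly into the folder, which is the pattern the check targets.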

One Comment

  • Theresa Trant says:

    If you believe about it this way, that is certainly great information for someone searching for this.
