Mail pretending to come from the German Post delivers malware

German readers will laugh when reading the text in original, received via a recent spam campaign.

In a free translation, the original text written more in a German slang would translate to:

Dear customer,

Our postman couldn’t deliver a package to your address. 

Reason: an error in the address

You can get your package in Post Office personally.

You can find a postal label attached. You should print it in order be able to get your package in the Post Office.

 

Attached to the email is a ZIP archive of 66 KB containing two files:

___________________________________code_de32146835 with the size of 0 bytes

and Postetikett_Deutsche_Post_AG_DE.exe with a size of 69.7 KB

It seems that the time of spams containing archives with malware is back.

We are looking forward to see how this evolves this time.

 

 

Avira detects the executable as TR/Barys.EB.34 and if you can see a detailed description of the malware just read the report of VirusTotal.

All Avira customers should protected since a couple of days already, but to make sure, just run an update manually.

 

Sorin Mustaca

Data Security Expert