Hidden code in mail body of a fake DHL shipping notification

MartinAB

Level 1
Thread author
Jan 27, 2015
14
Hi,

we faced a flood of fake DHL shipping notification mails recently. The majority of mails contained a link and a PDF with the same link leading to a malware infected file. A couple of the reported mails I received by our employees contained a PDF where the malware code was already embedded in the PDF itself.

But strangely in a minority of emails (around 2 out of 100 reported ones) I found some hidden code in the mail body. The code was kept in super small font size and the color was set to white. On the first look you could not see that. Here is how it looks:
Mailbody.JPG

I copied the code into a TXT file and attached it to this post. The file name is "hidden code.txt".

Does anyone have a clue about what that code might be?? Anyone out there seen this kind of thing already before?

thanks
Martin
 

Attachments

  • hidden code.txt
    7.3 KB · Views: 439
L

LabZero

Hello I read now your thread.

Well, usually the danger that comes from mail is represented by the infected attachment.

But sometimes the virus can be contained in the "body" of the email. The virus writer can also spread malicious code "hiding" within the e-mail message. To do so use the HTML code. The HTML code, the programming code of websites, is an element of email, because it is used to embed images or links. Similarly, though, a cyber criminal can use it to embed malicious scripts that run automatically and infect your computer.

Of course delete this mail and scan your PC.

Regards.
 
Last edited by a moderator:

FireShootSK

Level 17
Verified
Feb 17, 2015
824
Hello MartinAB.

This email look like similiar how i get yesterday. This type of emails to infect PC using javascript who run malware code. For the code: i think it's only hidden message as Klipsh said or some abnormality create by bad email client. And last, is posible re-send me email to admin@phishingdb.eu?

Thanks
 
Last edited:

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Its a standardize code with different style which typically embedded for those unsolicited email, if you are running an extension like NoScript it should detect some unusual behavior of script; as much as possible its a dangerous which better conduct on isolated environment.
 

Malware1

Level 76
Sep 28, 2011
6,545
we faced a flood of fake DHL shipping notification mails recently. The majority of mails contained a link and a PDF with the same link leading to a malware infected file. A couple of the reported mails I received by our employees contained a PDF where the malware code was already embedded in the PDF itself.
Can you send me the links in a PM?
 
  • Like
Reactions: MartinAB

MartinAB

Level 1
Thread author
Jan 27, 2015
14
Hello MartinAB.

This email look like similiar how i get yesterday. This type of emails to infect PC using javascript who run malware code. For the code: i think it's only hidden message as Klipsh said or some abnormality create by bad email client. And last, is posible re-send me email to admin@phishingdb.eu?

Thanks
Hi,
I just forwarded the mail to the given mail address. the subject of the mail is "MartinAB from MalwareTips - Forwarded Mail as requested".
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top