Malware spammed out as fake DHL tracking notifications


Disguising email as notifications of package deliveries is not a new trick, but cybercriminals keep using it.

And the reason they keep using this social engineering trick to infect users' computers? Well, the answer is simple. It works.

Windows malware is being spammed out right now posing as tracking notifications from DHL.

It may appear to be a legitimate-looking email from DHL, but you should be wary about the attached file.

The latest incarnation of the attack uses emails similar to the following (the tracking notification number can vary):


Malicious email claiming to come from DHL.

Subject: DHL Tracking Notification ID: [random number]
From: "DHL International" <notice@dhl.be>

The most convincing thing about this email? No spelling mistakes.

Attached to the emails is a ZIP file which contains malicious code.

Again, the filename of the email's attachment will vary from message to message but does take the following form:

DHL-Express-Delivery-Notification-Details_03-2012_[random id].zip

Sophos security products detect the malware as Mal/BredoZp-B and Mal/Zbot-FV, capable of allowing remote hackers to steal your information and take control of your Windows PC.

Computer users that use DHL to send and receive parcels may see nothing wrong in opening what looks like a legitimate email and may click on the attached zip file without a second thought.

By using big names, the fraudsters are attempting to trick more unsuspecting victims, and by changing the filename on each message, they're able to avoid less sophisticated spam filters. All computer users need to watch out and be careful about any unsolicited file attachment they receive, no matter who it claims to come from.
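A filter keyed to one exact attachment name misses the next message, so a check has to match the shape of the name and look inside the archive. The following is an added example, not code from the original article or from Sophos: the regular expressions generalise the subject and filename quoted above, and the list of risky extensions, the function names and the sample ids are assumptions made for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Patterns generalised from the subject and attachment name quoted in the article;
# the random parts are matched loosely because their exact format is not given.
SUBJECT_RE = re.compile(r"^DHL Tracking Notification ID:\s*\S+", re.I)
ATTACH_RE = re.compile(r"^DHL-Express-Delivery-Notification-Details_\d{2}-\d{4}_.+\.zip$", re.I)
# Assumption: extensions treated as executable content; not listed in the article.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")


def inspect_message(raw: bytes) -> dict:
    """Return which lure indicators a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    result = {"subject": bool(SUBJECT_RE.match(msg["Subject"] or "")),
              "attachment_name": False, "risky_members": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if ATTACH_RE.match(name):
            result["attachment_name"] = True
        if not name.lower().endswith(".zip"):
            continue
        try:  # list archive members without extracting or executing anything
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                result["risky_members"] += [n for n in zf.namelist()
                                            if n.lower().endswith(RISKY_EXT)]
        except zipfile.BadZipFile:
            result["risky_members"].append("<unreadable zip>")
    return result


def build_sample(subject: str, attach_name: str, member: str) -> bytes:
    """Constructed test message: harmless placeholder bytes inside a ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not malware")
    msg = EmailMessage()
    msg["Subject"], msg["From"] = subject, '"DHL International" <notice@dhl.be>'
    msg.set_content("Constructed sample body.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename=attach_name)
    return msg.as_bytes()
```

The archive-content check is the part that survives a change of lure: a ZIP carrying an executable is flagged whatever the message claims to be.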


13 Responses to Malware spammed out as fake DHL tracking notifications

  1. Wanda Goff · 948 days ago

    I have received emails claiming to be from DHL and FED EX. The best thing I can tell anyone is don't open the email, go directly to DHL or FED EX website if you want to track a package, also, their website tells you about known scams to get into your computer.

  2. One of my friends was infected with this.

  3. Chris Dotson · 948 days ago

    I got one from UPS CampusShip.

  4. We can only confirm this. This kind of attack is anything but new but we've been seeing a sharp increase since about 10 p.m. CET last night. Since then we have seen a four-time increase in the total amount of malware-carrying spam, mostly from Asia (Taiwan, Singapore, Vietnam).

  5. KAA · 948 days ago

    Fed-Ex, DHL and the Post office (USPS) I've had all three... My Spam folder was full and Yahoo sent it to there automatically...

    I'm on an Apple with Windows....

  6. nohc4 · 948 days ago

    Yes I got one from one of the jerks of the Nigerian Scam saying he's an FBI officer and that I have to claim a prize or some sort of Lottery shit! and requesting personal info and providing me tracking number for packages, what a dick!!

  7. Nick · 948 days ago

    I thought the Bredo botnet was taken down. Same group or what?

  8. Guest · 948 days ago

    In addition to DHL and Fedex, I also see spam coming from the USPS (United States Postal Service). More recently, there's been mail supposedly coming from Youtube telling me my video has been moved to the top of the list (yeah right).

  9. Nath · 948 days ago

    Do the previous commenters have some sender addresses they can share?

  10. william · 948 days ago

    Yes, I've received them, but deleted them immediately.

  11. "gunner" · 947 days ago

    I've had scam spam from all of the above. If I've ordered nothing either online or by mail I ignore the scam mail. If I am expecting a package delivery I go straight to the shipping company's tracking web site, not via the scam link. I don't believe in pennies from heaven, fairy godmothers or strangers from far away places wanting to make me rich beyond dreams of avarice.

  12. Nate · 541 days ago

    Fedex spams can be sent to: abuse@fedex.com

  13. I had THREE DHL emails today, July 21, 2013 arrive in my Junk Mail, so it ain't over yet and the "Fat Lady" hasn't sung, so to speak!
    LindaSView


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.