DHL Deja Vu: Tracking malware continues to hit inboxes


Even if you’re 53 years old, you’re probably still like me and get a childlike thrill whenever the doorbell rings and a delivery man hands you a parcel.

And it’s that desire to receive an unexpected package that hackers prey upon when they spam out messages claiming to come from the likes of DHL, FedEx and UPS, saying that the courier failed to deliver a parcel to your address.

Today we’re seeing a lot of spammed-out email messages in our traps which use precisely this trick.


A typical message (there are slight variations) reads:

Dear customer!

Unfortunately we were not able to deliver postal package which was sent on the 19th of July in time because the addressee's address is wrong.
Please print out the invoice copy attached and collect the package at our department.

Your DHL Delivery Services.

This isn’t the most sophisticated attack in the world. For instance, if you check the From: header you’ll find that the emails don’t even go to the effort of pretending to come from a DHL email address. But there may well still be a fair few people who click on the attachment without taking the right care and attention.
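The From: check mentioned above can be automated in a mail filter. The following is an added example, not code from the original post: it flags messages whose text names a courier while the From: domain does not belong to that courier. The brand-to-domain table, the function names and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Assumption: brand -> domains it really sends from (illustrative, not complete).
COURIER_DOMAINS = {"dhl": {"dhl.com"}, "fedex": {"fedex.com"}, "ups": {"ups.com"}}

def sender_domain(msg):
    """Lower-cased domain of the From: address, or '' if there is none."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def visible_text(msg):
    """Subject plus every text/plain part that is not an attachment."""
    chunks = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            chunks.append(part.get_payload(decode=True).decode("utf-8", "replace"))
    return " ".join(chunks)

def courier_lure_findings(raw):
    """One finding per courier brand named in a message from a non-brand domain."""
    msg = message_from_string(raw)
    domain, text = sender_domain(msg), visible_text(msg)
    has_attachment = any(p.get_filename() for p in msg.walk())
    findings = []
    for brand, domains in COURIER_DOMAINS.items():
        named = re.search(rf"\b{brand}\b", text, re.I)
        legit = any(domain == d or domain.endswith("." + d) for d in domains)
        if named and not legit:
            findings.append({"brand": brand, "from_domain": domain,
                             "attachment": has_attachment})
    return findings

# Constructed sample modelled on the quoted message; address and file name are placeholders.
SAMPLE = """\
From: Delivery <sender@example.net>
Subject: DHL notification
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please print out the invoice copy attached. Your DHL Delivery Services.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="constructed.bin"

placeholder
--b1--
"""
```

A message that passes this check is not thereby genuine, since the From: header can be forged; the check only catches lures as careless as the one described here.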

And if you open the file inside the attachment (called you will be infected by the Troj/BredoZp-E Trojan horse, handing control of your PC over to malicious hackers.

It’s worth repeating once again: always be very, very suspicious of unsolicited email attachments, and make sure that your anti-virus software and anti-spam defences are kept properly up to date.