Malware spammed out as fake DHL tracking notifications


Disguising email as notifications of package deliveries is not a new trick, but cybercriminals keep using it.

And the reason they keep using this social engineering trick to infect users’ computers? Well, the answer is simple. It works.

Windows malware is being spammed out right now posing as tracking notifications from DHL.

It may appear to be a legitimate-looking email from DHL, but you should be wary about the attached file.

The latest incarnation of the attack uses emails similar to the following (the tracking notification number can vary):

Malicious email claiming to come from DHL.

Subject: DHL Tracking Notification ID: [random number]
From: "DHL International" <>

The most convincing thing about this email? No spelling mistakes.

Attached to the emails is a ZIP file which contains malicious code.

Again, the filename of the email’s attachment will vary from message to message but does take the following form:

DHL-Express-Delivery-Notification-Details_03-2012_[random id].zip

Sophos security products detect the malware as Mal/BredoZp-B and Mal/Zbot-FV. It is capable of allowing remote hackers to steal your information and take control of your Windows PC.

Computer users who use DHL to send and receive parcels may see nothing wrong in opening what looks like a legitimate email and may click on the attached ZIP file without a second thought.

By using big names, the fraudsters are attempting to trick more unsuspecting victims, and by changing the filename on each message, they’re able to avoid less sophisticated spam filters. All computer users need to watch out and be careful about any unsolicited file attachment they receive, no matter who it claims to come from.
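The point about per-message filenames can be seen in a mail filter. The sketch below is an added example, not Sophos code: it compares an exact-name blocklist with a match on the fixed structure of the subject and attachment name quoted above. The sample messages, addresses and random ids are constructed, and the character classes assumed for the random fields are a guess at their format.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Shapes quoted in the article. Assumption: the random parts are digits
# (subject) and letters/digits (attachment id); the date is generalised.
SUBJECT_RE = re.compile(r"^DHL Tracking Notification ID:\s*\d+\s*$", re.I)
ATTACH_RE = re.compile(
    r"^DHL-Express-Delivery-Notification-Details_\d{2}-\d{4}_[A-Za-z0-9]+\.zip$",
    re.I)

def parse(raw: bytes):
    """Return (subject, [attachment filenames]) for a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    return str(msg.get("Subject", "")), names

def exact_name_hit(raw: bytes, blocklist: set) -> bool:
    """Naive filter: block only attachment names already seen."""
    return any(name in blocklist for name in parse(raw)[1])

def pattern_hit(raw: bytes) -> bool:
    """Match the campaign's fixed structure, ignoring the random fields."""
    subject, names = parse(raw)
    return bool(SUBJECT_RE.match(subject)) and any(
        ATTACH_RE.match(n) for n in names)

def build_sample(subject: str, filename: str) -> bytes:
    """Constructed message; the attachment is an empty, inert ZIP archive."""
    m = EmailMessage()
    m["From"] = '"DHL International" <sender@example.invalid>'
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content("Constructed sample body.")
    m.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                     subtype="zip", filename=filename)
    return m.as_bytes()

PREFIX = "DHL-Express-Delivery-Notification-Details_03-2012_"
first = build_sample("DHL Tracking Notification ID: 4471920", PREFIX + "A1B2C3.zip")
second = build_sample("DHL Tracking Notification ID: 88213", PREFIX + "Zq91x7.zip")
benign = build_sample("Team lunch", "menu.zip")
seen = {PREFIX + "A1B2C3.zip"}  # blocklist learned from the first message

if __name__ == "__main__":
    for label, raw in (("first", first), ("second", second), ("benign", benign)):
        print(label, exact_name_hit(raw, seen), pattern_hit(raw))
```

A structural match like this is a triage signal only: the sender controls both fields, so the attachment content still needs scanning.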
