DHL malware campaign strikes again, designed to infect Windows PCs

Filed Under: Featured, Malware, Spam

Delivery manIs there anybody who regularly reads Naked Security who isn't familiar with malware attacks posing as email notifications regarding failed parcel deliveries?

Once again, we are seeing a widespread malware campaign spammed out - this time pretending to be regarding an aborted attempt to send a parcel via DHL to the recipient's address.

But on other occasions we've seen very similar threats pretending to be from UPS or Fedex and others.

Here's what a typical email in today's attack looks like, complete with a DHL corporate logo in the header and the subject line "DHL Package delivery status":

DHL malware campaign

Dear [name derived from email address], with this message we notify you that delivery at your destination, tracking ID #[number], has FAILED due to an address discrepancy. To obtain your delivery please print out the attached document and contact DHL US support

Feel free to contact us with further questions.

Attached to the email is a file, DHL, which contains malware designed to infect Windows computers.

Sophos products detect the attack as Mal/BredoZp-B and Troj/Zbot-BWI.

Of course, the emails are not really from DHL. As always, you should be very very suspicious of unsolicited email attachments and make sure that your anti-virus software is properly updated.

, ,

You might like

7 Responses to DHL malware campaign strikes again, designed to infect Windows PCs

  1. Jam-Jul Lison · 1203 days ago

    There is also one going around pretending to be from amazon. They tell you the thing you ordered has been canceled. If I remember right then they try to get you to click on it to view it. So far as far as I know it is only sent to someone with an amazon account. I haven't gotten one on my main email. Just the one I use for amazon. My mom got an email saying it as well. Well she clicked on a thing to try to check it out and it tried to install a trojan on her computer. It is just a good thing her avast caught it. I on the other hand knew it was fake right away. Though I did open up amazon in a new tab just to go check to be sure my account hadn't been hacked. Which it hasn't been. No trace of this so called order.

    • Nathan · 1203 days ago

      I had the same problem, luckily my mum asked me to give her the scoop on it first! I did send a email off to amazon about it though!

  2. Bernadette · 1203 days ago

    I got caught a while ago with this one ....nasty....and I was expecting a package!!!

  3. IronBard · 1203 days ago

    I haven't received the failed package delivery email but, I have been receiving order canceled emails from "Amazon." Of course, I had not ordered what the emails claim I canceled so I knew these were bogus. But they do look official to the unsuspecting person.

  4. w. austin · 1203 days ago

    I've received quite a few of these "Failed Package" notifications. I live in Australia and nobody I know uses DHL, so I just delete them . But I guess people in the U.S could be easily caught.

  5. Joke5 · 1203 days ago


    Move your mouse over the links in your "cancelled order" see if it is something not <a href="" target="_blank"> or <a href="" target="_blank"> and bang - you have spotted a spam/scam.

    Also a good indicator is indeed the fact that if you have not ordered anything, you have not canceled anything...

  6. Robert Wurzburg · 1203 days ago

    I've been receiving both Amazon and DHL malicious emails in the past 10 days with
    different order numbers and tracking numbers every time.

    I forwarded some of the Amazon to Sophos casre of the editor, she told me it was for
    some male enhancement link it takes you to.

    This is the first I have heard of the Amazon emails being malicious. I was sure that
    the DHL are. I don't even open these emails and haven't for years. DO NOT OPEN
    EMAILS FROM UNKNOWN SENDERS! Repeat after me....

    Wake up people there is a damn good reason they end up in your spam or bulk email
    folder depending what service you use! The emails are from known spam sites, or malicious websites using forged headers in the emails.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley