Express Shipment Notification emails contain malware

Express delivery of a Trojan horse
Have you received an email with the subject line “Express Shipment Notification”?

If so, be on your guard – you could be at risk of infecting your Windows computers.

Online criminals have spammed out a large number of messages, claiming to come from DHL Express International, that are designed to install malware onto the computers of unsuspecting PC users.

Here is what a typical example of an email spammed out in the attack looks like:

Malicious email

DHL Express
Tracking Notification: 449762627

Custom Reference: 594078O440
Tracking Number: XFLNH94244
Pickup Date: Mon, 18 Mar 2013 12:39:03 +0100
Service: AIR
Pieces: 1

Mon, 18 Mar 2013 12:39:03 +0100 - Processing complete successfully
Refer to attached report for full details.

Attached to the emails is a ZIP file, containing malware. The filename of the ZIP file can vary, but takes the form “DHL” (where the ‘X’s are a random code).

Sophos products detect the malicious attachment as the Troj/BredoZp-S Trojan horse.

Of course, the emails don’t really come from DHL. Receiving an email which has DHL in its “From:” field does not mean that any computer systems at DHL have been compromised; it means only that the attackers have forged the email headers.
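A mail-filter triage sketch for the traits described above (a forged “From:” header and a ZIP attachment carrying an executable). It is an added example, not Sophos’s detection logic. The domains, filenames, the extension list, and the assumption that `Authentication-Results` is stamped by your own receiving mail server are all constructed for illustration.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".js", ".vbs")

def domain(value):
    """Lowercased domain of the address in a header value, or ''."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return the reasons (possibly none) a raw message looks like this spam run."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    frm, env = domain(msg["From"]), domain(msg["Return-Path"])
    if frm and env and frm != env:
        findings.append(f"From domain {frm} differs from envelope sender {env}")
    # Assumption: Authentication-Results was stamped by our own receiving MTA.
    spf = re.search(r"\bspf=(\w+)", str(msg.get("Authentication-Results", "")))
    if spf is None or spf.group(1).lower() != "pass":
        findings.append("SPF did not pass")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        try:
            members = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))).namelist()
        except zipfile.BadZipFile:
            members = []
            findings.append(f"{name}: unreadable ZIP, cannot inspect")
        findings += [f"{name} contains executable {m}" for m in members
                     if m.lower().endswith(RISKY_EXT)]
    return findings

def sample_message():
    """Constructed sample: forged From, failing SPF, ZIP holding a fake .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf.exe", b"harmless placeholder bytes")
    msg = EmailMessage()
    msg["From"] = "DHL Express <notify@dhl.example>"
    msg["Return-Path"] = "<bounce@sender.invalid>"
    msg["Authentication-Results"] = "mx.example; spf=fail smtp.mailfrom=sender.invalid"
    msg["Subject"] = "Express Shipment Notification"
    msg.set_content("Refer to attached report for full details.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="DHL-constructed-sample.zip")
    return msg.as_bytes()
```

Calling `triage(sample_message())` returns three findings. Legitimate bulk mail can also use a different envelope sender, so treat each finding as a scoring signal for quarantine rather than a verdict.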

Time and time again we have seen cybercriminals using the disguise of shipping companies like DHL and FedEx to spread their malware attacks and hijack the computers of the unwary.

Your best protection is to not just run an up-to-date anti-virus, but also to live and breathe computer security in your everyday life.

How do you do that? Well, you can start by learning to never open attachments in unsolicited emails – however tempted you might be.