Danger lies in bogus emails claiming to be from DHL and Facebook

Graham Cluley

Malicious hackers are posing as DHL and social networking site Facebook in their latest attempts to infect computers with malware. Today we are seeing widespread spam campaigns being cannoned around the world, posing as messages from the companies.

However, files attached to the emails carry Trojan horses that can allow cybercriminals to commandeer your computer for their own purposes.

Dangerous DHL Services email, carrying malware

A typical email reads as follows:

The courier company was not able to deliver your parcel by your address.
Cause: Error in shipping address.

You may pickup the parcel at our post office personaly.

Please attention!
The shipping label is attached to this e-mail.
Print this label to get this package at our post office.

Please do not reply to this e-mail, it is an unmonitored mailbox!

Thank you,
DHL Services.

You would have hoped that a genuine message from DHL would have at least seen a sniff of a spell-checker, wouldn’t you?

Nevertheless, if the above is enough to fool you, then you might be tempted to open the attached file – DHL_Label_73719.zip. That wouldn’t be a good idea though as it contains a Trojan horse, detected by Sophos as Troj/BredoZp-S.

And the bad guys aren’t only relying upon the disguise of a DHL delivery to infect your Windows computer. They are also exploiting the huge popularity of Facebook (350 million users and counting), by sending out messages claiming that the recipient’s Facebook password has been changed for security reasons.

Fake Facebook password reset email

The email reads as follows:

Hey <name> ,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Your Facebook.

Attached to the email is a file called Facebook_Password_48f29.zip, which is detected by Sophos as Troj/BredoZp-P.

Both Trojan horses contain the ability to access the internet and communicate with a remote server via HTTP, opening a backdoor for hackers to gain control over your computer. Effectively, if your computer is infected it is now part of a botnet – meaning that hackers can use it for a number of nefarious purposes including stealing identity information, relaying spam or launching distributed denial-of-service attacks.

You should always be extremely suspicious of any unsolicited email which arrives out of the blue, encouraging you to open an attachment.
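
A mail gateway can apply the same suspicion automatically. The following is an added example, not code from the original article or from Sophos: it flags ZIP attachments named like the two lures above and lists any executable-type files inside them. The extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import email, io, re, zipfile
from email import policy
from email.message import EmailMessage

# Attachment names from the two campaigns described above; the suffix
# varies per message, so match the pattern rather than one exact name.
LURE_NAME = re.compile(r"^(DHL_Label|Facebook_Password)_[0-9A-Za-z]+\.zip$", re.I)
# Assumption: executable-type members are what make the archive dangerous.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")

def inspect_message(raw_bytes):
    """Return a list of (finding, name) tuples for one RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        if LURE_NAME.match(name):
            findings.append(("lure-filename", name))
        payload = part.get_payload(decode=True) or b""
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            findings.append(("unreadable-zip", name))
            continue
        for member in members:
            if member.lower().endswith(RISKY_EXT):
                findings.append(("executable-in-zip", member))
    return findings

def build_sample(attachment_name, member_name):
    """Constructed test message: harmless bytes inside a ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder, not a real program")
    msg = EmailMessage()
    msg["From"] = "DHL Services <noreply@example.invalid>"  # constructed
    msg["To"] = "user@example.invalid"                      # constructed
    msg["Subject"] = "DHL Services"                         # constructed
    msg.set_content("The shipping label is attached to this e-mail.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=attachment_name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(inspect_message(build_sample("DHL_Label_73719.zip", "DHL_Label.exe")))
```

A filename match alone is a weak signal because the suffix and wording change between campaigns; the check on archive contents is the part that carries over to new lures.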

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
