DHL International Delivery email? Beware widespread malware attack

Why should malware authors show any creative flair and imagination? There’s no need, after all, if tried and trusted methods of infecting computers still work.

Take, for instance, the widespread malware campaign that has been spammed out across the internet today, posing as an email from DHL.

Malware-infected email claiming to come from DHL

A typical email has a subject line of “DHL Express Parcel Tracking notification [random code]” or “DHL Express Tracking Notification ID [random code]” or “DHL International Notification for shipment [random code]”

Sign up to our free newsletter.
Security news, advice, and tips.

The emails read similar to the following:

Hello Dear,

DHL Express Tracking Notification: Mon, 11 Jun 2012 12:14:55 +0200

Custom Reference: 9057425-HRIEI2E4Q8C
Tracking Number: UT09-2041042911
Pickup Date: Mon, 11 Jun 2012 12:14:55 +0200
Service: AIR/GROUND
Pieces: 2

Mon, 11 Jun 2012 12:14:55 +0200 - Processing complete successfully
PLEASE REFER TO ATTACHED FILE FOR DETAILED INFORMATION.

Shipment status may also be obtained from our Internet site in USA under http://track.dhl-usa.com or Globally under http://www.dhl.com/track

Please do not reply to this email. This is an automated application used only for sending proactive notifications

Thanks in advance,
DHL Express International Inc.

Attached to each email is a ZIP file, containing the malware. The attached filename can vary, but takes the form DHL_International_Delivery_Details-[random code].zip

Forklift truck. Image courtesy of ShutterstockSophos products detect the Windows malware as Troj/Agent-WMO.

Malicious emails that claim to come from courier companies are nothing new.

In fact, they are one of the most commonly used social engineering disguises deployed by cybercriminals to trick unsuspecting users into opening a malicious attachment or clicking on a dangerous link.

Make sure that you and your friends are wise to the trick – and think before you click.

Forklift truck image courtesy of Shutterstock.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.