Express Shipment Notification emails contain malware

Express delivery of a Trojan horseHave you received an email with the subject line “Express Shipment Notification”?

If so, be on your guard – you could be at risk of infecting your Windows computers.

Online criminals have spammed out a large number of messages, claiming to come from DHL Express International, that are designed to install malware onto the computers of unsuspecting PC users.

Here is what a typical example of an email spammed out in the attack looks like:

Malicious email

DHL Express
Tracking Notification: 449762627

Custom Reference: 594078O440
Tracking Number: XFLNH94244
Pickup Date: Mon, 18 Mar 2013 12:39:03 +0100
Service: AIR
Pieces: 1

Mon, 18 Mar 2013 12:39:03 +0100 – Processing complete successfully
Refer to attached report for full details.

Attached to the emails is a ZIP file, containing malware. The filename of the ZIP file can vary, but takes the form “DHL” (where the ‘X’s are a random code).

Sophos products detect the malicious attachment as the Troj/BredoZp-S Trojan horse.

Of course, the emails don’t really come from DHL – and the fact that you may have received an email which has DHL in its “From:” field does not mean that any computer systems at DHL have been compromised, but just that the attackers have forged the email headers.

Time and time again we have seen cybercriminals using the disguise of shipping companies like DHL and FedEx to spread their malware attacks and hijack the computers of the unwary.

Sign up to our free newsletter.
Security news, advice, and tips.

Your best protection is to not just run an up-to-date anti-virus, but also to live and breathe computer security in your every day life.

How do you do that? Well, you can start by learning to never open attachments in unsolicited emails – however tempted you might be.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.