Malware spammed out as fake DHL tracking notifications

Delivery manDisguising email as notifications of package deliveries is not a new trick, but cybercriminals keep using it.

And the reason they keep using this social engineering trick to infect users’ computers? Well, the answer is simple. It works.

Windows malware is being spammed out right now posing as tracking notifications from DHL.

It may appear to be a legitimate-looking email from DHL, but you should be wary about the attached file.

Sign up to our free newsletter.
Security news, advice, and tips.

The latest incarnation of the attack uses emails similar to the following (the tracking notification number can vary):


Malicious email claiming to come from DHL. Click for larger version

Subject: DHL Tracking Notification ID: [random number]
From: "DHL International" <[email protected]>

The most convincing thing about this email? No spelling mistakes.

Attached to the emails is a ZIP file which contains malicious code.

Again, the filename of the email’s attachment will vary from message to message but does take the following form:

DHL-Express-Delivery-Notification-Details_03-2012_[random id].zip

Sophos security products detect the malware as Mal/BredoZp-B and Mal/Zbot-FV, capable of allowing remote hackers to steal your information and take control of your Windows PC.

Computer users that use DHL to send and receive parcels may see nothing wrong in opening what looks like a legitimate email and may click on the attached zip file without a second thought.

By using big names, the fraudsters are attempting to trick more unsuspecting victims, and by changing the filename on each message, they’re able to avoid less sophisticated spam filters. All computer users need to watch out and be careful about any unsolicited file attachment they receive, no matter who it claims to come from.

Digital explosion image from Shutterstock.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.