Don’t open dhl_n756512.zip

Graham Cluley
@gcluley

We have been watching a large scale malicious spam campaign posing (once again) as an email from courier firm DHL.

Just like last time the messages claim that DHL tried to deliver a parcel from you on the 14th of March, and that you need to print out the attached invoice (contained inside dhl_n756512.zip) and bring it to their office.

Of course, opening dhl_n756512.zip is not to be recommended. It contains the Troj/Agent-JJP Trojan horse and will put the security of your computer into remote hackers.

The emails that are currently arriving in our spam traps, battering down like hailstones on a tin roof, all use the subject line “DHL Tracking number” but have a randomly generated reference number.

Of course, the hackers are bound to use this trick again. And it’s trivial for them to change the filename – so it’s not as simple…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.