Sloppy spelling scuppers DHL malware spam attack

Thank heavens for the poor education of cybercriminals!

If they had paid more attention to spelling and grammar at school (rather than mugging younger kids for their dinner money and inflicting Chinese burns behind the bicycle sheds) then maybe some of their scams would be harder to spot.

Take this malware campaign that we are seeing being spammed out right now, for instance.

DHL malicious spam

Subject: DHL notification

Message body:
Dear customer.
The parcel was send your home address.
And it will arrice within 7 bussness day.

More information and the tracking number
are attached in document below.

Thank you.
2011 DHL International GmbH. All rights reserverd.

The email doesn’t really come from DHL, of course. This is just the latest in a long line of instances where cybercriminals have distributed malware attacks posing as communications from a delivery firm such as UPS or FedEx.

But take a closer look. There are 37 words in the body of that message, four of which are spelt incorrectly. That’s an almost 11% failure rate!

If the spelling mistakes and lack of professionalism weren’t enough to get your security sixth sense jangling, then hopefully your anti-virus would have identified that the attached file contains malware.

Sophos products detect the ZIP file proactively as Mal/BredoZp-B, and its Trojan horse contents as Troj/Agent-QQG.

I, for one, vote against improving the grammar and spelling of cybercriminals. We can’t rely on every malicious hacker being a poor communicator, but it certainly can help the general public identify when a message should be treated with suspicion.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
