Search This Blog

"Hello Dear" a DHL notification mail leads malware infection

Epic Failed: A mail that purportedly coming from DHL informs that user delivery Processing complete successfully.  The truth is that the mail is not coming from DHL. If you look into the starting word of the mail, you can easily identify it. The mail starts with "Hello Dear". 

The Spam mail :

Hello Dear,

DHL Express Tracking Notification: Mon, 11 Jun 2012 12:14:55 +0200

Custom Reference: 9057425-HRIEI2E4Q8C
Tracking Number: UT09-2041042911
Pickup Date: Mon, 11 Jun 2012 12:14:55 +0200
Pieces: 2

Mon, 11 Jun 2012 12:14:55 +0200 - Processing complete successfully

Shipment status may also be obtained from our Internet site in USA under or Globally under

Please do not reply to this email. This is an automated application used only for sending proactive notifications

Thanks in advance,
DHL Express International Inc.

The mail has a zip file attachment which contains malware.Sophos products detect the Windows malware as Troj/Agent-WMO. The attached filename can vary, but takes the form DHL_International_Delivery_Details-[random code].zip.

A typical email has a subject line of "DHL Express Parcel Tracking notification [random code]" or "DHL Express Tracking Notification ID [random code]" or "DHL International Notification for shipment [random code]"

Share it:

Spam Report