Search This Blog

"Hello Dear" a DHL notification mail leads malware infection



Epic Failed: A mail that purportedly coming from DHL informs that user delivery Processing complete successfully.  The truth is that the mail is not coming from DHL. If you look into the starting word of the mail, you can easily identify it. The mail starts with "Hello Dear". 

The Spam mail :

Hello Dear,

DHL Express Tracking Notification: Mon, 11 Jun 2012 12:14:55 +0200

Custom Reference: 9057425-HRIEI2E4Q8C
Tracking Number: UT09-2041042911
Pickup Date: Mon, 11 Jun 2012 12:14:55 +0200
Service: AIR/GROUND
Pieces: 2

Mon, 11 Jun 2012 12:14:55 +0200 - Processing complete successfully
PLEASE REFER TO ATTACHED FILE FOR DETAILED INFORMATION.

Shipment status may also be obtained from our Internet site in USA under http://track.dhl-usa.com or Globally under http://www.dhl.com/track

Please do not reply to this email. This is an automated application used only for sending proactive notifications

Thanks in advance,
DHL Express International Inc.

The mail has a zip file attachment which contains malware.Sophos products detect the Windows malware as Troj/Agent-WMO. The attached filename can vary, but takes the form DHL_International_Delivery_Details-[random code].zip.

A typical email has a subject line of "DHL Express Parcel Tracking notification [random code]" or "DHL Express Tracking Notification ID [random code]" or "DHL International Notification for shipment [random code]"

Share it:

Spam Report