Outline Email purporting to be from international mail delivery service DHL claims that a parcel has been sent to the recipient. The message advises the recipient to open an attached file to view the parcel tracking number and access more information about the delivery.
The email is not from DHL. The attachment contains malware that, once installed, can connect to malicious website and download additional malware components.
More information and the tracking number
are attached in document below.
2011 DHL International GmbH. All rights reserverd.
This crudely rendered malware message purports to be from international mail delivery service DHL. The message notifies the recipient that a parcel has been sent to his or her address and is expected to arrive within seven business days. It advises the recipient to open an attached file to retrieve a tracking number for the parcel along with more information about the delivery.
However, the email is certainly not from DHL and the attachment does not contain delivery information. Instead, the attachment harbours malware. Opening the attachment can install a trojan that can subsequently make connections to malicious websites and download additional malware modules. The malware can collect information from the infected computer and relay it back to Internet criminals.
Many recipients will quickly suspect that the message is not from DHL because of the very poor spelling and grammar. Moreover, DHL is very unlikely to contact customers via an unsolicited, generic email that contains delivery information in an attached file. DHL has been regularly targeted in the past by criminals intent on distributing malware. The names of other well-known delivery companies, including UPS and FedEx have also been repeatedly used by malware distributors. Another recent malware attack consisted of emails purporting to be from Post Express.