DHL Spam Delivers Malware Right to Your Email Inbox

DHLStay on your guard, another round of DHL spam is hitting inboxes.

Why? To infect your computer with malware of course!

Yes, the real delivery associated with DHL spam is the Win32/Gamarue.F worm contained within the “DHL delivery ticket.zip” archive attached to the email.

Should Gamarue.F may its way onto your PC, it will connect to remote servers to download arbitrary files and spread to removable storage drives when the opportunity arises.

According to a VirusTotal email scan report, only 13/42 antivirus applications will detect the malware, so here’s to hoping you have one of them should you make the mistake of downloading and opening the file.

Thankfully it won’t be terribly difficult to spot the DHL spam emails if they’re anything like the two copies we got. Although the spam messages came from spoofed DHL.com email addresses (MaximilianGiannavola[AT]dhl.com & MeredithVink[AT]dhl.com), they were addressed to one of the other recipients, which were all visible in the “To:” field.

Here’s a copy of one of the emails we received:

DHL Spam

Dear [EMAIL], with this message we notify you that shipment at your destination, tracking ID  #348175, has FAILED  due to an address mismatch. To claim your parcel please  print out the attached document and contact DHL US support

Feel free to contact us with any further questions.

If you would like to speak to a DHL Express Support Agent, please call the DHL Service Desk at 1-800-527-7298.

What to Do If You Receive DHL Spam

Did a DHL spam message like the one shown above arrive in your inbox? We advise you to do the following:

  • Avoid downloading or opening any attached files.
  • Delete the email immediately.

DHL is aware of the emails going around (after all, this is not the first batch to be sent) and have already posted an advisory notice on their website.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

This entry was posted in Computer Security, malware, spam and tagged , , , , , .
Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL.

© 2014 Hyphenet, Inc.
1761 Hotel Circle S, Suite 350, San Diego, CA 92108

All rights reserved. Reproduction in whole or in part in any form or medium without express written permission is prohibited.

Hyphenet IT Security Blog located at 1761 Hotel Circle South, Suite 350 , San Diego, CA . Reviewed by 91 customers rated: 3.8 / 5