Why? To infect your computer with malware of course!
Yes, the real delivery associated with DHL spam is the Win32/Gamarue.F worm contained within the “DHL delivery ticket.zip” archive attached to the email.
Should Gamarue.F make its way onto your PC, it will connect to remote servers to download arbitrary files and spread to removable storage drives when the opportunity arises.
According to a VirusTotal email scan report, only 13/42 antivirus applications will detect the malware, so here’s to hoping you have one of them should you make the mistake of downloading and opening the file.
Thankfully it won’t be terribly difficult to spot the DHL spam emails if they’re anything like the two copies we got. Although the spam messages came from spoofed DHL.com email addresses (MaximilianGiannavola[AT]dhl.com & MeredithVink[AT]dhl.com), they were addressed to one of the other recipients, which were all visible in the “To:” field.
Here’s a copy of one of the emails we received:
Dear [EMAIL], with this message we notify you that shipment at your destination, tracking ID #348175, has FAILED due to an address mismatch. To claim your parcel please print out the attached document and contact DHL US support
Feel free to contact us with any further questions.
If you would like to speak to a DHL Express Support Agent, please call the DHL Service Desk at 1-800-527-7298.
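The tell-tale signs described above (a dhl.com sender, several visible "To:" recipients, a greeting addressed to someone other than the mailbox owner, and a .zip attachment) can be checked mechanically. The Python sketch below is an added example, not part of the original post; the sample message, the example.org addresses and the indicator names are constructed for illustration, and it assumes the greeting contains an email address as in the copy quoted above.

```python
import email
import re
from email import policy
from email.utils import getaddresses, parseaddr

# Constructed sample modelled on the quoted message; recipients are made up
# and the attachment body is a placeholder, not a real archive.
SAMPLE = """\
From: MeredithVink@dhl.com
To: alice@example.org, bob@example.org, carol@example.org
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear alice@example.org, with this message we notify you that shipment at
your destination, tracking ID #348175, has FAILED due to an address mismatch.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="DHL delivery ticket.zip"

(attachment bytes omitted)
--b1--
"""

def triage(raw, delivered_to, claimed_domain="dhl.com"):
    """Return the indicators from the article that this message matches."""
    msg = email.message_from_string(raw, policy=policy.default)
    hits = []
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender.endswith("@" + claimed_domain):
        hits.append("claims-dhl-sender")  # From: is spoofable, so not proof
    recipients = [a for _, a in getaddresses(msg.get_all("To", []))]
    if len(recipients) > 1:
        hits.append("multiple-visible-recipients")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    greeted = re.search(r"Dear\s+([^\s,]+@[^\s,]+)", text)
    if greeted and greeted.group(1).lower() != delivered_to.lower():
        hits.append("greeting-names-other-recipient")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(".zip"):
            hits.append("zip-attachment")
    return hits

if __name__ == "__main__":
    print(triage(SAMPLE, delivered_to="bob@example.org"))
```

No single indicator is conclusive on its own; a message that matches several of them is a candidate for quarantine before anyone opens the attachment.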
What to Do If You Receive DHL Spam
Did a DHL spam message like the one shown above arrive in your inbox? We advise you to do the following:
- Avoid downloading or opening any attached files.
- Delete the email immediately.
DHL is aware of the emails going around (after all, this is not the first batch to be sent) and has already posted an advisory notice on its website.