DHL Ship Notification Service Malicious Email
Mar 12, 2014
May 6, 2013
Do not click on the links or follow the instructions in the malicious "DHL Ship Notification Service" email message below. This message was created by scammers or hackers to trick you into clicking on the links in it, which will take you to a malicious website that will infect your computer with a malicious computer program called a Trojan Horse.
Please continue reading below.
The "DHL Ship Notification Service" Malicious Email
From: "Express Mail" firstname.lastname@example.org
Date: May 3, 2013, 11:32:13 PM EST
Subject: Ship Notification Service
Reply-To: "Express Mail" <email@example.com>
If the links are not working, please move message to "Inbox" folder.
DHL PACK STATION
DHL Ship Shipment Notification
On May 1, 2013 a shipment label was printed for delivery.
The shipment number of this package is 77390249.
To get additional info about this shipment use any of these options:
1) Click the following URL in your browser:
Get Shipment Info
2) Enter the shipment number on tracking page:
For further assistance, please call DHL Customer Service. For International Customer Service, please use official DHL site.
This message was created by DHL Ship, a product of DHL, at the request of the sender. No authentication of email address has been performed.
Deutsche Post DHL 2013 DHL International GmbH. All rights reserved.
Clicking on any of the links in this email message will take you to the following website:
It appears that this website was hacked and the malicious web page "/images/index.php" was placed on it. The page will automatically download the zip file "Shipping-Detail.zip" that contains the malicious Trojan horse "Shipping Detail.exe".
The file "Shipping Detail.exe" was scanned at http://virustotal.com and the following antirvirus software detected the Trojan horse:
Antivirus - Threat
Avast - Win32:Crypt-OQO [Trj]
ByteHero - Trojan.Malware.Obscu.Gen.004
ESET-NOD32 - a variant of Win32/Kryptik.AYMJ
Fortinet - W32/Kuluoz.ABY!tr.dld
GData - Win32:Crypt-OQO
Kaspersky - Trojan-Downloader.Win32.Dofoil.pog
Malwarebytes - Trojan.Downloader
McAfee - Artemis!F27B3B05B52B
McAfee-GW-Edition - Heuristic.BehavesLike.Win32.Suspicious-BAY.K
Sophos - Mal/Weelsof-D
VIPRE - Trojan.Win32.Kuluoz.b (v)
If you receive this email message, please delete it. If you receive an email notification from an organization, the wise thing to do is, go directly to that organization's website and view the information from there, instead of clicking on the links in it. Therefore, always go directly to DHL website at http://www.dhl.com/ and track your shipment from there.
Remember to leave your comment and read the ones made by others below. And, please report malicious, phishing or scam email messages, social media posts and websites to us. You may click here to contact us, or forward the email messages to: firstname.lastname@example.org .
Alert and help your family and friends by sharing this article with them: