Previous     Next
Warning: JavaScript is turned off! Some features on this website will not work without it.

Beware of "DHL Ship Notification Service" Virus Emails

Beware of "DHL Ship Notification Service" Virus Emails

Recipients of the email message below with the subject: "DHL Ship Notification Service," are asked not to click on the links or follow the instructions in it. The email message is just one of the many created by scammers or hackers to trick the recipients into clicking on the links in it, which will take them to malicious websites that will infect their computers with viruses or spyware.

Please continue reading below.

A Sample of the "DHL Ship Notification Service" Malicious Email

DHL Ship Notification Service

From: "Express Mail"
Date: May 3, 2013, 11:32:13 PM EST
Subject: Ship Notification Service
Reply-To: "Express Mail"

If the links are not working, please move message to "Inbox" folder.

DHL Ship Shipment Notification

On May 1, 2013 a shipment label was printed for delivery.

The shipment number of this package is 77390249.

To get additional info about this shipment use any of these options:

1) Click the following URL in your browser:
Get Shipment Info

2) Enter the shipment number on tracking page:
Tracking Page

For further assistance, please call DHL Customer Service. For International Customer Service, please use official DHL site.

This message was created by DHL Ship, a product of DHL, at the request of the sender. No authentication of email address has been performed.
Deutsche Post DHL 2013 DHL International GmbH. All rights reserved.

Clicking on any of the links in this email message will take the recipients to the following website:

  • www.dupreezvanwyk images/index.php?info=845_1340062607

It appears that the website was hacked and the malicious web page "/images/index.php" was placed on it. The page will automatically download the zip file "" that contains the malicious Trojan horse "Shipping Detail.exe".

The file "Shipping Detail.exe" was scanned at and the following antirvirus software detected the Trojan horse:

  • Antivirus - Threat
  • Avast - Win32:Crypt-OQO [Trj]
  • ByteHero - Trojan.Malware.Obscu.Gen.004
  • ESET-NOD32 - a variant of Win32/Kryptik.AYMJ
  • Fortinet - W32/Kuluoz.ABY!tr.dld
  • GData - Win32:Crypt-OQO
  • Kaspersky - Trojan-Downloader.Win32.Dofoil.pog
  • Malwarebytes - Trojan.Downloader
  • McAfee - Artemis!F27B3B05B52B
  • McAfee-GW-Edition - Heuristic.BehavesLike.Win32.Suspicious-BAY.K
  • Sophos - Mal/Weelsof-D
  • VIPRE - Trojan.Win32.Kuluoz.b (v)

Recipients of the malicious email message should delete it and should not attempt to open the attachment. Recipients of email notifications from an organization are asked to go directly to that organization's website and view the information from there, instead of clicking on the links in it. Therefore, recipients of email messages similar to the one above should always go directly to DHL's website at and track their shipment from there.

Please share with us what you know or ask a question about this article by leaving a comment below. Also, check the comment section below for additional information, if there is any. And, forward malicious email messages to us using the following email address: .

Contribute to Online Threat Alerts

Would you recommend this article to a friend or family member?

Yes (1)          No (0)   

Alert and help your family and friends by sharing this article with them:

Submit Your Comment or Question

Submit your comment or question in the box below to share what you know or to get answers about this article.

CommentComments or Questions ()