»

"DHL Ship Notification Service" Virus Emails

 +
"DHL Ship Notification Service" Virus Emails

Would you share this Article with others?

Recipients of the email message below with the subject: "DHL Ship Notification Service," are asked not to click on the links or follow the instructions in it. The email message is just one of the many created by scammers or hackers to trick the recipients into clicking on the links in it, which will take them to malicious websites that will infect their computers with viruses or spyware.

A Sample of the "DHL Ship Notification Service" Malicious Email

DHL Ship Notification Service

From: "Express Mail" support@postwack.com
Date: May 3, 2013, 11:32:13 PM EST
Subject: Ship Notification Service
Reply-To: "Express Mail" support@postwack.com

If the links are not working, please move message to "Inbox" folder.

DHL PACK STATION
DHL Ship Shipment Notification

On May 1, 2013 a shipment label was printed for delivery.

The shipment number of this package is 77390249.

To get additional info about this shipment use any of these options:

1) Click the following URL in your browser:
Get Shipment Info

2) Enter the shipment number on tracking page:
Tracking Page

For further assistance, please call DHL Customer Service. For International Customer Service, please use official DHL site.

Disclaimer:
This message was created by DHL Ship, a product of DHL, at the request of the sender. No authentication of email address has been performed.
Deutsche Post DHL 2013 DHL International GmbH. All rights reserved.

Clicking on any of the links in this email message will take the recipients to the following website:

  • www.dupreezvanwyk .co.za/ images/index.php?info=845_1340062607

It appears that the website was hacked and the malicious web page "/images/index.php" was placed on it. The page will automatically download the zip file "Shipping-Detail.zip" that contains the malicious Trojan horse "Shipping Detail.exe".

The file "Shipping Detail.exe" was scanned at http://virustotal.com and the following antirvirus software detected the Trojan horse:

  • Antivirus - Threat
  • Avast - Win32:Crypt-OQO [Trj]
  • ByteHero - Trojan.Malware.Obscu.Gen.004
  • ESET-NOD32 - a variant of Win32/Kryptik.AYMJ
  • Fortinet - W32/Kuluoz.ABY!tr.dld
  • GData - Win32:Crypt-OQO
  • Kaspersky - Trojan-Downloader.Win32.Dofoil.pog
  • Malwarebytes - Trojan.Downloader
  • McAfee - Artemis!F27B3B05B52B
  • McAfee-GW-Edition - Heuristic.BehavesLike.Win32.Suspicious-BAY.K
  • Sophos - Mal/Weelsof-D
  • VIPRE - Trojan.Win32.Kuluoz.b (v)

Recipients of the malicious email message should delete it and should not attempt to open the attachment. Recipients of email notifications from an organization are asked to go directly to that organization's website and view the information from there, instead of clicking on the links in it. Therefore, recipients of email messages similar to the one above should always go directly to DHL's website at http://www.dhl.com/ and track their shipment from there.

Note: Some of the names, addresses, email addresses, telephone numbers or other information in samples on this website may have been impersonated or spoofed.

Please share what you know or ask a question about this article by leaving a comment below. Check the comment section below for additional information, if there is any. Remember to forward suspicious, malicious, or phishing email messages to us at the following email address: info@onlinethreatalerts.com. And, report missing persons, scams, untrustworthy, or fraudulent websites to us. Tell us why you consider the websites untrustworthy or fraudulent. Also, to quickly find answers to your questions, use our search engine.

You can help maintain Online Threat Alerts (OTA) by paying a service fee. Click here to make payment.

Comments, Questions, Answers, or Reviews
(Total: 8)

To help protect your privacy, please do not post or remove, your full name, telephone number, email address, username, password, account number, credit card information, home address or other sensitive information in or from your comments, questions, or reviews.

The comments, reviews or answers below do not necessarily reflect the views of Online Threat Alerts.

  • November 28, 2016 at 1:32 PM by an anonymous user from Bloomington, Illinois, United States

    My wife clicked on what I told her could be a Hacker. It asked for e-mail and password from an order shipped through DHL. We changed password on E-Mail already.

    remove

  • July 21, 2013 at 1:22 AM by info

    Since you are not sure if you computer was infected with this malware, please do a full scan of your computer with the antivirus software that you have installed on your computer.<br/><br/>If you do not have an antivirus software on your computer, you can download Avast. <a href="http://www.avast.com/index" target="_blank">Click here to download.</a>.

    remove

  • July 21, 2013 at 1:13 AM by an anonymous user from Al Jubayl, Eastern Province, Saudi Arabia

    yes i got This E mail Also,and by mistake i open mail.but i forword this mail My other Ordinary <br/>E mail Address and then try to open Link.but there was Error,and page could not open.so am i Safe????if any Problem what should i do???<br/>please Reply me

    remove

  • July 19, 2013 at 4:08 PM by an anonymous user from Cassville, New Jersey, United States

    yes I received this today, too vague to be real- thanks for having this site to confirm my hunch

    remove

  • July 16, 2013 at 2:22 PM by an anonymous user from Philadelphia, Pennsylvania, United States

    I received an e mail on July 11,2013 which is very much like the one you show. I was sure this was a scam so I checked your site. Thank you for having the info available for your customers.

    remove

  • July 15, 2013 at 3:46 PM by an anonymous user from Rocky Mount, North Carolina, United States

    Thank you very, very much! I do a lot of shipping & receiving from various places & I just received one of these. I was suspicious so I checked on Google & found you guys! Thanks again!!!<br/><br/>Rev. Bradshaw

    remove

  • July 3, 2013 at 11:02 AM by info

    Currently, there is no way of stopping these email messages from being sent to you.

    remove

  • July 3, 2013 at 10:58 AM by an anonymous user from Cleveland, Ohio, United States

    Is there anyway to stop these messages from continuing to come?

    remove

 Show More Comments (8)
Write Your Comment, Question, Answer, or Review
Write your comment, question, answer, or review in the box below to share what you know or to get answers. NB: We will use your IP address to display your approximate location to other users.
Your comment, question, answer, or review will be posted as an anonymous user because you are not signed in. Anonymous posts cannot be edited or deleted. Sign-in.

"DHL Ship Notification Service" Virus Emails