DHL Brandjacked in New Malicious Spam Campaign


A new spam campaign is using fake DHL tracking notifications to deliver malware.

The emails inform the recipient of a shipment that’s on the way to them and to check the attachment for details. In this zip file, there are two pieces of malware: Mal/BredoZp-B and Mal/Zbot-FV. Zbot, also known as the infamous Zeus. Both are linked to botnets and designed to steal online banking info, login credentials and other personal information. The name of the attachment is different in each message, which helps keep the spam from being caught by filtering software.

While this type of spam has been around for a while, and has brandjacked FedEx, UPS and the US Postal Service as well, there is one very noticeable difference about this particular campaign. The emails are written in perfect English. No typos or grammar errors. That’s pretty unusual as most of these scams are carried out by overseas cybercriminals with very poor English skills. The broken English and bad spelling was an easy giveaway that the message was fake. With that red flag removed, it’s possible more people will fall for it and have their computers infected, because sadly, even though it’s common knowledge that you should never open an attachment from anyone you don’t know and be careful with ones you do know, people still ignore the danger and do it anyway. Their curiosity gets the better of them and that’s exactly what cybercriminals and spammers hope for.

For the record, DHL never sends out tracking information as an attachment.


Written by Sue Walsh


  1. Donna Keaton · March 26, 2012

    Why is it that logistics companies are the number one host-target of brandjacking attacks? As you can see, it’s some sort of a trend with the same processes. DHL, UPS and FedEx are worth more than a billion dollar each and they can’t do anything about it? Where’s their cyber security fund?

    I know they have the best servers and online security system but why can’t they do anything about brandjacks? Shame on them. Who’s leading these companies? They should protect their brands. If it were me, I would file a case against DHL because they EASILY let anyone hack their brand. Do they have any concerns for their customers? This has to stop.
    Obviously, email users

  2. Rick Aames · March 27, 2012

    These shipping-related brandjacks are always difficult to sniff out because you never know when someone might be sending you an unexpected surprise package. The thing that people need to be aware of, like you said, is that this information is never included as an attachment, but a full on spoof that includes a fake website might work if someone clicks on a fake tracking number. Very very hazardous territory. Might be best just to phone the shipper with the proposed tracking number and see if they have that package before doing anything else.

Leave A Reply