DHL Express spam campaign leads to fake AV

A new spam campaign impersonating the popular mail service DHL Express is currently underway, warn Bkis researchers.

The email in question looks like this:

Once the user downloads and opens the attachment, the worm contained in it downloads a fake AV solution from a server located in Russia.

The fake AV (“XP Home Security”) immediately starts its work and tries to trick the user into buying a full version that will supposedly remove all the infections it found.

Users are warned to be careful when reviewing emails purportedly coming from DHL Express or any of the other well-known express mail services – more often than not, they are fake emails containing malicious attachments.