It all starts with a bogus email pretending to come from the delivery company. The customer is told that the postal package he sent on March 14 was not delivered because the address was incorrect.

Furthermore, the customer and soon-t-be-victim is told to open the attached invoice copy, print it and use it to collect his package from a DHL office.

As expected, the so-called attached invoice (called DHL_DOC.zip) is in fact the bearer of the Troj/Bckdr-QSL backdoor Trojan horse. The malware will infect the computer once it’s been accessed and will eventually attempt to take over the control.

Up till now, all of the infected emails come with the same subject line – "DHL Tracking number" – plus some random generated number. BE careful and don’t fall for this kindergarten trap.