madison

Zero Day

Ryan Naraine and Dancho Danchev
Home / News & Blogs / Zero Day

Spamvertised FedEx notifications lead to malware

By | March 16, 2011, 9:20am PDT

Summary: A currently ongoing spamvertised campaign is brand-jacking FedEx for malware-serving purposes.

A currently ongoing spamvertised campaign is brand-jacking FedEx for malware-serving purposes.

Sample attachments:FedEx letter.zip; FedEx letter.exe
Sample subject: FedEx notification #random number
Sample message: Dear customer. The parcel was sent your home address. And it will arrive within 7 business day. More information and the tracking number are attached in document below. Thank you. © FedEx 1995-2011

Upon downloading the executing the attachment, the malware attempts to download  two additional binaries, next to sniffing for FTP credentials off infected hosts.

Detection rate for FedEx letter.exe.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Malware, FedEx Corp., Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Disclosure

Dancho Danchev

More details on Dancho Danchev's current and past professional affiliations, can be found in his LinkedIn profile.

Biography

Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community on a daily basis. More details on Dancho Danchev's current and past professional affiliations, can be found in his LinkedIn profile. You can also follow him on Twitter

Talkback Most Recent of 12 Talkback(s)

  • More victims
    I've seen the same for UPS as well. I sent them a copy of the message [to their support] and got back a message saying that [something like] "The tracking number has been investigated. Contact the shipper if you still have problems".

    What a bunch of dummies.

    The source of the malware [where it was hosted] was a charity. I also sent a copy of the message to the president of the charity. Either their webmaster was part of it or was dumb [relaxed security on the site]. Idiot should be fired.
    ZDNet Gravatar
    Gis Bun
    16th Mar
  • RE: Spamvertised FedEx notifications lead to malware
    Thanks, and enjoy replica watches
    ZDNet Gravatar
    lovedong
    13th Sep
  • RE: Spamvertised FedEx notifications lead to malware
    This is news?

    Not only is this old and much copied, but in my case, Forefront just removed the attachment automatically.
    ZDNet Gravatar
    tonymcs@...
    16th Mar
  • RE: Spamvertised FedEx notifications lead to malware
    Well done! Thank you very much for professional templates and community edition
    sesli chat sesli sohbet
    ZDNet Gravatar
    talih
    12th Aug
  • RE: Spamvertised FedEx notifications lead to malware
    I also desire to signal in your RSS feeds. Thank you as soon as once again and maintain up the great operate! nccma cooler
    ZDNet Gravatar
    MACKENZI
    11th Sep
  • RE: Spamvertised FedEx notifications lead to malware
    I used to be more than happy to seek out this internet-site.I wanted to thanks in your time for this glorious read!! I positively enjoying each little bit of it and I have you bookmarked to check out new stuff you weblog post. this thread is amazing i like your work and i appreciate you that you have share a useful stuff thanks for sharing the i shop abatwa
    ZDNet Gravatar
    PEARLINEI
    12th Sep
  • RE: Spamvertised FedEx notifications lead to malware
    I used to be more than happy to seek out this internet-site.I wanted to thanks in your time for this glorious read!! I positively enjoying each little bit of it and I have you bookmarked to check out new stuff you weblog post.Bookmarking now thanks please consider a follow up post. power sa shop
    ZDNet Gravatar
    RHIANNONA
    13th Sep
  • RE: Spamvertised FedEx notifications lead to malware
    I think the representation of this article is actually superb one. This is my first visit to your site. Thanks a lot and keep sharing the information. Keep updating the information for all of us. Thanks ZDNet Government was launched as the brand's first industry vertical, with a mission to cater to IT professionals in the public secto I agree with your post. However, do you have any sources I can cite for my paper wheel car com bury
    ZDNet Gravatar
    SATURNINA
    14th Sep
  • RE: Spamvertised FedEx notifications lead to malware
    Well welcome, hopefully you can become a vital member of the community and really help to push far ahead of google. Which Im sure the development team would love. This will of course earn you alot points too and get you on the leaders board. z d n e t t h a n k Im not sure i come to an agreement with you on every level, howevor it absolutely was a good posting, many thanks for taking the time to put up your ideas.
    ZDNet Gravatar
    TOCCAR
    25th Sep
  • RE: Spamvertised FedEx notifications lead to malware
    Thanks nice info z d n e t I really liked your current article write more..let me add you to its favorite The articles you have on zdnet s i t e are always so enjoyable to read. Good work and I bookmarked it.
    ZDNet Gravatar
    MCKNIGH
    26th Sep
  • RE: Spamvertised FedEx notifications lead to malware
    Fantastic news about the new release.I positively enjoying each little bit of it and I have you b o o k m a r k e d to check out new stuff you weblog post.Im not sure i come to an agreement with you on every level, howevor it absolutely was a good posting, many thanks for taking the time to put up your ideas
    ZDNet Gravatar
    MEJIAHA
    30th Sep
  • RE: Spamvertised FedEx notifications lead to malware
    Good day to confirm this comment I would appreciate T h e b e s t o f Z D N e t d e l i v e r e d your website very nice to everyone Yes, Oracle is the only one with shared-disk architecture, but that is there advantage. It means you can add or remove nodes and the database lives on. In a shared nothing architecture, if you lose a node, you lose the system. I'm sure Oracle appreciates EMC highlighting their advantage.I also desire to signal in your RSS feeds. Thank you as soon as once again and maintain up the great operate Awesome post! Thank you very much || thanks for nice content this is really benefit to me.
    ZDNet Gravatar
    FAULKNE
    13th Oct

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
Click Here

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources