Spamvertised FedEx notifications lead to malware

Spamvertised FedEx notifications lead to malware

Summary: A currently ongoing spamvertised campaign is brand-jacking FedEx for malware-serving purposes.

SHARE:
TOPICS: Malware, Security
3

A currently ongoing spamvertised campaign is brand-jacking FedEx for malware-serving purposes.

Sample attachments:FedEx letter.zip; FedEx letter.exe Sample subject: FedEx notification #random number Sample message: Dear customer. The parcel was sent your home address. And it will arrive within 7 business day. More information and the tracking number are attached in document below. Thank you. © FedEx 1995-2011

Upon downloading the executing the attachment, the malware attempts to download  two additional binaries, next to sniffing for FTP credentials off infected hosts.

Detection rate for FedEx letter.exe.

Topics: Malware, Security

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • More victims

    I've seen the same for UPS as well. I sent them a copy of the message [to their support] and got back a message saying that [something like] "The tracking number has been investigated. Contact the shipper if you still have problems".

    What a bunch of dummies.

    The source of the malware [where it was hosted] was a charity. I also sent a copy of the message to the president of the charity. Either their webmaster was part of it or was dumb [relaxed security on the site]. Idiot should be fired.
    Gis Bun
  • RE: Spamvertised FedEx notifications lead to malware

    This is news?

    Not only is this old and much copied, but in my case, Forefront just removed the attachment automatically.
    tonymcs@...
  • RE: Spamvertised FedEx notifications lead to malware

    Well done! Thank you very much for professional templates and community edition
    <a href="http://www.yuregininsesi.com" title="seslichat">sesli chat</a> <a href="http://www.yuregininsesi.com" title="seslisohbet">sesli sohbet</a>
    talih