New Spam Purports to be From FedEx
According to MX Logic, a online security vendor, over 21 Million spam mails claiming to notify non-delivery of parcels from FedEx attacked the Web. These e-mails accounted for almost 80% of all malware-borne messages during the 24 hours between August 21 and 22, 2008.
MX Logic said that the fake FedEx e-mails used various allurements like a number to track the package or a statement that there is a package for the recipient. The e-mails claimed that a parcel that the recipient sent on July 25, 2008 could not be delivered, as the postal address given was incorrect. The e-mails then said that the recipient needs to take out the print of an attached bill and collects the parcel from FedEx office by showing it.
However, the bill is in a zip format and contains malware, said MX Logic. Once opened, the malicious code inside the .zip file infects the user's computer.
According to Masiello, Vice-President of Information Security, MX Logic, the FedEx scam is the third set of spam mails posing to arrive from a courier firm in recent weeks, and it has come with the largest volume, as reported by internetnews on August 22, 2008.
Masiello added that earlier, spammers spoofed DHL and UPS and the number of e-mails counting to tens of thousands, indicating to what a reputed brand and effective social engineering could do for a user.
Furthermore, according to Masiello, while the non-delivery notice appears just like something FedEx would dispatch, but it doesn't say which FedEx office to visit for collecting the parcel. It also suggested that the messages were being dispatched blindly without harvesting FedEx's databases.
Meanwhile, MX Logic has still not been able to trace the e-mail's senders. Masiello explained that it was difficult to locate the persons behind the botnets, as they use systems from all over the world rather than ones from a central point and this was also the reason why so few people got arrested.
However, Masiello expects the FedEx spam to wane out soon, as spammers might move on to steer a new campaign.
Related article: New Zealand Releases Code To Reduce Spam
» SPAMfighter News - 01-09-2008