FedEx and DHL Spam Attack with Greater Ferocity

Graham Cluley, Senior Technology Consultant, Sophos, on October 20, 2009 wrote on the company blog Sophos.com that security researchers were presently observing numerous spam mails posing as messages from DHL or FedEx. However, these spam mails were carrying attachments that could infect end-users' PCs.

Cluley wrote that the e-mail purported to have been come from DHL. They stated that the address given for the delivery of a certain parcel was incorrect; therefore, the recipient personally could collect it from the company's post office.

Users, who don't get alarmed at random spelling errors in the message, might imprudently click on the delivery tag that marks a given zip attachment.

Sophos said - the attachment actually contains malware that it has detected as Mal/Bredo-A or Troj/BredoZp-A. It gets downloaded in case the user attempts to take print out of the attachment.

In another post by Prashant Kumar security expert at SophosLabs on October 20, 2009 on Sophos.com, he wrote that the FedEx spam scam too used the same tactic against those receiving the spam mail, but with a slight textual variation.

The message states that unluckily it wasn't possible to hand over the postal package the e-mail recipient dispatched on October 18, 2009 in a specified time as the address of the person to get the package was incorrect. Thereafter, the message requests the recipient to open the attached invoice and take its print out for picking up the package from the FedEx office.

Interestingly, the latest e-mail's text is identical to the one used over 12 months back. Merely its date and malware are different. The malware, which comes in an attachment, is identified as Mal/EncPk-KP, a phony anti-virus program.

Kumar also writes that the current FedEx scam isn't the end of it. Therefore, users need to exercise extreme caution in case they receive these kinds of e-mails and do not open their attachments.

According to Cluley, dangerous e-mails posing as messages from courier firms have appeared earlier too in which hackers typically socially engineered recipients in such a way that they opened malware-laden attachments. He therefore advises all to act wisely prior to clicking on any such attachment.

Related article: FTC Reaches Million-Dollar Settlement For Spyware

» SPAMfighter News - 11/2/2009