Spam Mails Supposedly from FedEx Install Malware

Security researchers from two security companies claim that a spam outbreak, which uses bogus FedEx notifications, is currently spreading malware, thus published softpedia.com dated December 6, 2012.

In the spam campaign the e-mail recipients addressed as Fed Ex customers are told that their parcels have come to their local post-office on the 4th of December. FedEx's post-rider couldn't hand them over to the intended destinations; therefore, for collecting these parcels, the recipients are requested to visit their area FedEx branch where they may present the attached postal receipt.

But actually there is an executable named Postal-Receipt.exe inside the receipt and it carries one document icon so the file appears less dubious. Besides, on its execution, the user finds certain document reader software.

Also, behind the scene, the malware inserts script inside svchost.exe while communicates with its centralized C&C infrastructure so the payload can be downloaded.

GFI Software detected this malicious software as Trojan.Win32.Generic.pak!cobra while Avira found it as TR/Inject.exab.

Commenting on the above infection files, Security Researcher Chris Boyd from GFI Software stated that these were connected to Ransomware such as "Wheelsof" (within the current spam) that if believed could cause the potential victim's computer become locked. Gfi.com published this dated December 5, 2012.

Furthermore according to the security companies, just 3 anti-virus engines out of the total 48 of VirusTotal the Internet virus-scanning utility managed in recognizing the malicious programs.

FedEx, meanwhile, stating it has nothing to do with the currently spreading spam asked users to remain cautious about fake e-mails asserting as being from FedEx and relating to certain parcel which could not get handed over. These e-mails direct recipients that they should click open a given attached file and get the receipt to collect the parcel. The attachment, however, triggers off a virus. Therefore such attachments should not be opened while the associated e-mails instantly deleted, FedEx suggests.

Actually, these fake electronic mails are illegal acts of intermediary entities that aren't related to FedEx. For, if FedEx dispatches electronic mails containing tracking numbers to collect parcels not handed over, there won't ever be any attachment included, the company states.

Related article: Spam Scam Bags a Scottish Connection

» SPAMfighter News - 12/14/2012