Fed-Ex targeted spam mails overwhelming inboxes
FedEx clients have been continuously getting spam mails posing as messages from the worldwide service for courier; however, from 2013-beginning, Fed-Ex related malicious e-mail campaigns have gotten more plentiful compared to anytime earlier thus making Symantec and Webroot both security companies to caution regarding dual separate bulk e-mail attacks.
Specifically according to the Webroot-determined spam run, e-mails posing as sent from 'FedEx Online Billing' have a so-called fresh invoice the recipient apparently noticed as also cleared the payment of.
However, a web-link presented for obtaining the log-in section to enable the user access his account actually takes onto sites harboring the BlackHole attack toolkit, eventually contaminating the end-user's PC with Trojan Zbot (also called ZeuS).
Moreover, the Symantec-detected spam run contains e-mails providing "tracking details" while advising recipients to follow a web-link for obtaining the acknowledgement and take a print-out so they may gather their parcel the courier couldn't hand over. But, the web-link leads onto legitimate sites, which have been compromised, and on which a malevolent file named PostalReceipt.zip appears for downloading.
Indeed, this file is one executable carrying Trojan Smoaler that pulls down more malware on the hijacked PC as also creates one backdoor on it.
Nevertheless, in an alert posted online alongside more details regarding Internet-security, FedEx appears to be wary about the many cyber-crook activities which exploit the company's reputation. Consequently, FedEx tells everything to consumers, required for remaining safe from such scams.
It posts that like always, end-users must maintain up-to-date anti-viruses on their computers while overlook web-links inside electronic mails that arrive from unfamiliar sources. Incase of any dubious e-mail a firm sends with which the recipient has done no transaction whatsoever, such e-mails must be regarded as potentially malevolent while eschewed from viewing.
Moreover, earlier during December 2012, a similar malware-laced junk e-mail scam targeted FedEx clients wherein the message told the recipient that on 4th December his parcel had come to his nearest post-office since the company's post-rider couldn't hand it over to him. Therefore he should take a given postal receipt and show it to the post-office for collecting the package, the spam mail alleged.
» SPAMfighter News - 05-02-2013