Outbreak: Fake Fedex Tracking Number emails carry malware


Cybercriminals have spammed out a widespread email attack, distributing malware in messages pretending to come from Fedex.

The emails, which have subject lines beginning "Fedex Tracking number" followed by a random reference number, pretend to come from named personnel inside "Fedex Support" and claim that the company was unable to deliver a package on the 27th of July.

Malicious email, pretending to come from Fedex

Other emails being sent in the attack use a subject line of "Fedex Invoice copy" and "Fedex Item Status", both followed by a random reference number.

Unlike many of the other Fedex-related malware attacks we have seen in the past, the emails carry the message about the failed delivery in the form of an image rather than text - possibly in an attempt to defeat more rudimentary anti-spam filters.

Attached to the emails is a file called FEDEXInvoiceEE<random number>OP.zip, which Sophos detects as Troj/Invo-Zip. Inside the file is a Trojan horse called Troj/Mdrop-CVP, capable of infecting Windows computers.
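
The traits described above (the three subject-line prefixes, the attachment name pattern, and a body delivered as an image rather than text) can be checked mechanically at a mail gateway. The following Python is an added example, not Sophos code: it assumes the "<random number>" in the attachment name is digits only, and the two sample messages are constructed, not captured.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators from the article; "<random number>" is assumed to be digits only,
# and matching is case-insensitive as a tolerance assumption.
SUBJECT_RE = re.compile(r"^\s*fedex (tracking number|invoice copy|item status)\b", re.I)
ATTACH_RE = re.compile(r"^FEDEXInvoiceEE\d+OP\.zip$", re.I)
TAG_RE = re.compile(r"<[^>]+>")

def indicators(raw: bytes) -> set:
    """Return which campaign traits a raw RFC 5322 message exhibits."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = set()
    if SUBJECT_RE.match(str(msg.get("Subject", ""))):
        hits.add("subject")
    has_text = has_inline_image = False
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_disposition() == "attachment":
            if ATTACH_RE.match(part.get_filename() or ""):
                hits.add("attachment")
        elif part.get_content_maintype() == "image":
            has_inline_image = True
        elif part.get_content_maintype() == "text":
            # Strip HTML tags so a body that is only an <img> counts as empty.
            if TAG_RE.sub("", part.get_content()).strip():
                has_text = True
    if has_inline_image and not has_text:
        hits.add("image_only_body")
    return hits

def sample(subject: str, attachment: str, text: str = "") -> bytes:
    """Build a constructed test message (not a captured sample)."""
    msg = EmailMessage()
    msg["Subject"] = subject
    if text:
        msg.set_content(text)
    else:
        msg.set_content(b"\x89PNG placeholder", "image", "png", disposition="inline")
    msg.add_attachment(b"PK placeholder", maintype="application",
                       subtype="zip", filename=attachment)
    return msg.as_bytes()

SPAM = sample("Fedex Tracking number 4821-77", "FEDEXInvoiceEE123456OP.zip")
HAM = sample("Your order has shipped", "receipt.zip", "Thanks for your order.")
```

Any single trait is weak on its own; a gateway rule would normally require the attachment name plus at least one of the other two before quarantining.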

A quick glance in a sample of our spam traps reveals just how many messages we are intercepting in a matter of minutes:

Malicious Fedex-related emails

Of course, Fedex has no connection with this malware campaign, beyond having its brand name tarnished by the hacking gang.

Make sure that you, your friends and your colleagues are wise to scams like this - and don't make the mistake of clicking on suspicious attachments.

19 Responses to Outbreak: Fake Fedex Tracking Number emails carry malware

  1. Mensch says:

    Exactly this has resumed as of December 22, 2012, in the USA.

    Thanks for the post.

  2. stacey says:

    These are still going around. Got one of these today. January 3, 2013.

  3. Rick Miller says:

    I get a kick out of people on various sites saying 'how did they know I was expecting a package?'. It's like come on dummy, they sent out millions of these so I'm sure there were 1000's of people expecting at that time. LOL One person even said 'I'm an experienced user so I knew it was possibly a fake but then I accidentally clicked on it and I got infected.' hahahaha People kill me.

  4. Finky says:

    Got one today, 1/9/2013. I suspected it was not actually from FedEx as scam claimed my package arrived at "the post office". FedEx does not deliver to the post office. The scam also instructed me to "go to the nearest office and show this receipt". Luckily, I figured it'd be a bad idea to click on the "GET & PRINT RECEIPT" box. I'd been shopping online quite a bit over the past month so I almost fell for it.

  5. Thomas says:

    Yep, just got one as well on 1/15/13. The odd thing is there are no attachments or active links in my message.

  6. June says:

    I received one today.

    Fed Ex

    Order: JN-3474-96336700
    Order Date: Thursday, 3 January 2013, 11:23 AM

    Dear Customer,

    Your parcel has arrived at the post office at January 6.Our courier was unable to deliver the parcel to you.

    To receive your parcel, please, go to the nearest office and show this receipt.

    GET & PRINT RECEIPT

    Best Regards, The FedEx Team.

  7. G00dman says:

    Thanks for the information. I've just had the same message as June

  8. kmccoy7 says:

    Here is my version (received today)

    Subject: Tracking Number (N)GHF30 360 360 8657 8657

    Priority: Normal Date: Wednesday, January 23, 2013 12:40 PM Size: 9 KB

    Fed Ex

    Order: SGH-6578-23967015
    Order Date: Thursday, 17 January 2013, 11:10 AM
    Dear Customer,

    Your parcel has arrived at the post office at January 21.Our courier was unable to deliver the parcel to you.

    To receive your parcel, please, go to the nearest office and show this receipt.

    GET & PRINT RECEIPT

    Best Regards, The FedEx Team.

  9. Don says:

    Got the following today (1/23/13)

    From: Postal Service <AVW.084@elpaso.com>

    Subject: ID (x)XXX XXX XXXX XXXX
    *+++
    Fed Ex
    Order: SGH-xxxx-xxxxxxxx
    Order Date: Thursday, 17 January 2013, 11:10 AM
    Dear Customer,

    Your parcel has arrived at the post office at January 21.Our courier was unable to deliver the parcel to you.

    To receive your parcel, please, go to the nearest office and show this receipt.

    GET & PRINT RECEIPT

    Best Regards, The FedEx Team.

    Looks phony, but where would I go to check with Fedex...both numbers don't track, so probably a scam.

  10. InNZ says:

    I got one yesterday and opened it! I know better but now live outside of the US and am expecting something (not sure what shipping method will be used) so fell for it. It isn't unusual to have to go to the post office to get a package, have done that before, but should have known better with FedEx. I did call them to verify that it is a scam. Good news is that I have a Mac -- am I protected or unknowingly spreading this virus. Can anyone tell me what the virus does once opened?

    Thank you!

  11. christine says:

    I got two today but I was suspicious so I went and sought this post.. thanks

    • Don says:

      I got one today and opened the PRINT RECEIPT block on it because I was expecting a package via FedEx. I have Norton anti-virus protection on my PC and it neutralized it. I should have been more suspicious of the email since it said I was not home on February 14 at 06:30 PM when Fed-Ex tried to deliver it.
      I was not aware that Fed-Ex was being used for this purpose.

      I also have been noticing that I am receiving all kinds of fake messages wanting information from me. Those attempts ramped up a lot after I joined Facebook.

      Hope this information helps you

  12. mary detloff says:

    I just got one of these today and I did print it and was going to go to the fedex office tomorrow wow..because I did have a package that could not be delivered but it was through the post office. thanks for the info....

  13. Vincent Canna says:

    OK, so I did receive one of these today and unfortunately I did open it. I've been expecting several deliveries and "assumed" this was legitimate. Anybody know what happens now? What benefit do the scammers derive from doing this? What can be done to avoid adverse effects?

  14. FCS says:

    The first dead giveaway is that all the e-mails lack information, like my first and last name, addressing me only as "Dear Client". There is no mention of what company had sent the package. My spam protection automatically sends this stuff to the trash, but I check it every so often and found more than one notice waiting to explode on me...

  15. chris52 says:

    My wife got 2 of these today. FORTUNATELY, we do not have a printer so just went on the fed ex website and typed in the number. No package was recorded under this number, so we googled it and found this. What exactly happens if this link is opened?

  16. Wendie says:

    I received one of these in my email today. I did not open the attachment because I knew I was not expecting anything by Fedex. What I understand it's malware and do not open these, delete!

  17. Andi says:

    Got one today 3/31/13 Did not open ..... it's all fake, don't fall for it.


About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com.