FedEx notification malware attack spammed out

Filed Under: Malware, Spam

Take care when opening your email inbox, as malicious hackers have spammed out another malware attack posing as a parcel delivery notification.

The emails, which pretend to be related to a FedEx package delivery, have been sent out via spam email to addresses around the world. But if you open the attached file - called document.zip - you risk infecting your Windows computer.

Malicious FedEx notification email

Dear customer.

The parcel was sent your home address.
And it will arrive within 7 business day.

More information and the tracking number are attached in document below.

Thank you.
© FedEx 1995-2011

All of the emails we have seen in this latest campaign use the subject line "FedEx notification #XXXXX" (where "XXXXX" is a random number), although obviously this could be changed by the attackers at any time.
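A mail-filter check for the two indicators described above (the subject format and the document.zip attachment), as an added example that is not Sophos code. Because the subject line can change, it also inspects the archive listing; the extension list and the sample message built by `build_sample` are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject format reported in the article: "FedEx notification #XXXXX"
SUBJECT_RE = re.compile(r"^\s*FedEx notification #\d+\s*$", re.IGNORECASE)
# Extensions treated as Windows executables (assumption; extend as needed)
EXEC_EXTS = (".exe", ".scr", ".pif", ".com")

def zip_has_executable(data: bytes) -> bool:
    """True if the archive lists an executable or cannot be inspected."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith(EXEC_EXTS) for n in zf.namelist())
    except zipfile.BadZipFile:
        return True  # unreadable archive: fail closed

def classify(raw: bytes) -> list[str]:
    """Return the campaign indicators found in a raw RFC 822 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if SUBJECT_RE.match(str(msg.get("Subject", ""))):
        hits.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name == "document.zip":
            hits.append("attachment-name")
        # Content check survives a renamed subject or a different courier brand
        payload = part.get_payload(decode=True) or b""
        if name.endswith(".zip") and zip_has_executable(payload):
            hits.append("zip-contains-executable")
    return hits

def build_sample(subject: str, member: str, filename: str = "document.zip") -> bytes:
    """Constructed test message; the archive member holds harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"harmless placeholder")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("The parcel was sent your home address.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    print(classify(build_sample("FedEx notification #48213", "document.exe")))
```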

Sophos products intercept the malware attack as Troj/Bredo-FN.

As Duck described in his recent 90 second news video, scammers are banking on the coincidence that you really are waiting for a parcel to be delivered when one of these fake package notification emails arrives.


16 Responses to FedEx notification malware attack spammed out

  1. paul · 1134 days ago

    The same has been coming to my inbox masquerading as a Canada Post delivery; I use a 'dot.ca' domain. But it was obvious to me that it was a scam, although it seemed convincing

    • Mahmoud · 1133 days ago

      Hello. I was infected by this virus yesterday. It was horrible. I completely blocked my access to all my programs. Each time I open a program - even system restore and shut-down options – nothing happens, and the virus would post a notification saying that the so-and-so program is infected. I couldn't even install Norton. Its executable file wasn't working. The only way that effectively resolved this problem was to run Windows in safe mode, and then using system restore capability. After that the virus and all its activities kind of disappeared. I then installed Norton immediately, and I'm now removing all the virus traces. I never open spam attachments, but this one fooled me because the e-mail carries the name FedEx. How could the name of such a reputable company ever be manipulated like that???? However, the only indicator that this was a malicious attachment was that its e-mail landed primarily in my spam folder. I recommend that all people pay attention to the system restore capability. It's wonderful, but sometimes you don't find a suitable restore date.

      • shevin · 1126 days ago

        Whew! I received the FedEx last wk and UPS today. Not waiting for anything from FedEx I did a little research. Reading your description of the virus I'm glad I did.

        Anyone have any idea where they may pick up the addresses?

        • Colin · 617 days ago

          I think I know where they get the emails. Facebook!! I know that as the emails I get are all to the address I use for Facebook!!!

          How they do it, is another matter!

          CP

  2. angryreimu · 1132 days ago

    It seems that it is affecting other companies. I received a "DTC notification". With Document.zip.

  3. Elizabeth · 1098 days ago

    I keep getting those annoying Fedex emails! I opened one of the emails just to read what it was. I'm glad that's all I did! I knew it was fake because I get like 5 of them a day and I'm not expecting anything from Fedex. They also send me emails saying that I need to verify my credit card number before they can deliver my lovely package of trojans and give me a link to do so. I'm not gonna click the link, so I don't know what exactly that takes you to...

  4. Jenna · 911 days ago

    I called FedEx about this. They said to forward this email to: abuse@fedex.com

  5. Stephen · 781 days ago

    FedEx notification,

    The delivery service couldn’t deliver your package.
    The package weight exceeds the allowable free-delivery limit.

    You have to receive your packagen personally.
    Print out the "Invoice Copy" attached and collect the package at our office.

    Please read carefully the attached information before receiving your package.

    Thank you for attention. FedEx Services.

    Is this a variant - I'm not expecting anything and the typos give it away?

    • Izzy · 775 days ago

      I'm presuming it's the same as I just received an email with the same layout as yours about two days ago (which was lying in my junk mail). Was about to open the .zip file but somehow decided to investigate on it a bit.

  6. Sara dracup · 778 days ago

    I have just been scammed in UK by the FedEx virus, said item needed extra money etc etc, stupidly opened it and now my laptop is effectively dead. Should have left it in spam but was expecting a US package.

  7. I just received another Fed Ex phish. This one came in via ESMTP with TLS from the domain cpux1.go180.net (216.229.188.147). The payload then called out to 178.162.132.116 via a hard coded IP and did a DNS resolution for anotherone.ipq.co (81.91.1.36). Watch out... This thing is still out there!

  8. Denis Smyth · 738 days ago

    I get one or two of these at regular intervals but last night over a 30 minute period got deluged with 4100 of the things!!!! Is this a record?

  9. workingonit · 696 days ago

    I got one this morning from a usps.com address. Was expecting something from someone with poor handwriting, so I didn't even stop to wonder how USPS would've known my email... and stupidly opened the .zip file. It contained one .exe file and a folder with a large number of other files, mostly documents as I recall. Nothing seems wrong yet so I'm just praying this thing can't infect a Mac. Here's the email (minus that .zip file!):

    Postal notification,

    Our company’s courier couldn’t make the delivery of parcel.
    ReasonIt’s not right the address of recipient.

    LOCATION OF YOUR PARCEL:Honolulu
    STATUS OF YOUR PARCEL: sorting
    SERVICE: Local Pickup
    :U613775634NU
    FEATURES: No

    Label is enclosed to the letter.
    Print a label and show it at your post office.

    An additional information
    If the parcel isn’t received within 30 working days our company will have the right to claim compensation from you for it's keeping in the amount of $8.61 for each day of keeping of it.

    You can find the information about the procedure and conditions of parcels keeping in the nearest office.

    Thank you for using our services.
    USPS Express Services.

  10. Colin · 617 days ago

    I have now had DHL and UPS this morning as well as the Fedex ones!

    Why are these people doing this?

    Is it some form of terrorism???

  11. willow wales · 454 days ago

    got one from FedEx a few days ago, was expecting package so stupidly opened it and clicked on "GET & PRINT RECEIPT". Of course there was nothing there to get and print. Have Norton, scan showed some yellow level attempts to enter that had been blocked. Does this mean I'm safe or am I - and my friends - still possibly infected?

    willow wales

  12. Marilyn · 454 days ago

    got one from FedEx a few days ago, was expecting a package so stupidly opened it and clicked on "GET & PRINT RECEIPT". Of course no receipt was there. Have Norton and did security scan, showed a few "yellow dots" where some things had been denied. Does this mean I'm safe, or is there still danger for me (and friends!) ??

    Marilyn

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.