Take care when opening your email inbox, as malicious hackers have spammed out another malware attack posing as a parcel delivery notification.
The emails, which pretend to be related to a FedEx package delivery, have been sent out via spam email to addresses around the world. But if you open the attached file – called document.zip – you risk infecting your Windows computer.
Dear customer.
The parcel was sent your home address.
And it will arrive within 7 business day.More information and the tracking number are attached in document below.
Thank you.
© FedEx 1995-2011
All of the emails we have seen in this latest campaign use the subject line “FedEx notification #XXXXX” (where “XXXXX” is a random number), although obviously this could be changed by the attackers at any time.
Sophos products intercept the malware attack as Troj/Bredo-FN.
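The indicators described above (the "FedEx notification #XXXXX" subject and the document.zip attachment) can be turned into a simple mail triage check; because the subject can change at any time, the check also looks inside any zip attachment for an executable. This is an added example, not Sophos's detection logic: the function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import email
import io
import re
import zipfile
from email.message import EmailMessage

# Subject used by this campaign, per the article; attackers can change it.
SUBJECT_RE = re.compile(r"^FedEx notification #\d+$", re.IGNORECASE)
# Extensions Windows runs directly (illustrative list, an assumption).
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def zip_executables(data):
    """Return names of executable-looking members inside a zip blob."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXEC_EXT)]
    except zipfile.BadZipFile:
        return []

def triage(raw_message):
    """Return the reasons a raw RFC 5322 message resembles the lure."""
    msg = email.message_from_bytes(raw_message)
    reasons = []
    if SUBJECT_RE.match((msg.get("Subject") or "").strip()):
        reasons.append("campaign subject line")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        if name == "document.zip":
            reasons.append("attachment named document.zip")
        # Subject-independent signal: an executable hidden in the archive.
        hits = zip_executables(part.get_payload(decode=True) or b"")
        if hits:
            reasons.append("zip contains executable: " + ", ".join(hits))
    return reasons

def build_sample(subject, member_name):
    """Constructed message: zip attachment holding one harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"constructed placeholder, not malware")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("Dear customer. The parcel was sent your home address.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="document.zip")
    return msg.as_bytes()
```

A message with a changed subject is still flagged by the archive check, which is the signal that survives when the attackers vary the wording.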
As Duck described in his recent 90 second news video, scammers are banking on the coincidence that you really are waiting for a parcel to be delivered when one of these fake package notification emails arrives.
The same has been coming to my inbox masquerading as a Canada Post delivery; I use a 'dot.ca' domain. But it was obvious to me that it was a scam, although it seemed convincing.
Hello. I was infected by this virus yesterday. It was horrible. I completely blocked my access to all my programs. Each time I open a program – even system restore and shut-down options – nothing happens, and the virus would post a notification saying that the so-and-so program is infected. I couldn't even install Norton. Its executable file wasn't working. The only way that effectively resolved this problem was to run Windows in safe mode, and then using system restore capability. After that the virus and all its activities kind of disappeared. I then installed Norton immediately, and I'm now removing all the virus traces. I never open spam attachments, but this one fooled me because the e-mail carries the name FedEx. How could the name of such a reputable company ever be manipulated like that???? However, the only indicator that this was a malicious attachment was that its e-mail landed primarily in my spam folder. I recommend that all people pay attention to the system restore capability. It's wonderful, but sometimes you don't find a suitable restore date.
Whew! I received the FedEx last wk and UPS today. Not waiting for anything from FedEx I did a little research. Reading your description of the virus I'm glad I did.
Anyone have any idea where they may pick up the addresses?
I think I know where they get the emails. Facebook!! I know that as the emails I get are all to the address I use for Facebook!!!
How they do it, is another matter!
CP
It seems that it is affecting other companies. I received a "DTC notification". With Document.zip.
I keep getting those annoying Fedex emails! I opened one of the emails just to read what it was. I'm glad that's all I did! I knew it was fake because I get like 5 of them a day and I'm not expecting anything from Fedex. They also send me emails saying that I need to verify my credit card number before they can deliver my lovely package of trojans and give me a link to do so. I'm not gonna click the link, so I don't know what exactly that takes you to…
I called FedEx about this. They said to forward this email to: abuse@fedex.com
FedEx notification,
The delivery service couldn’t deliver your package.
The package weight exceeds the allowable free-delivery limit.
You have to receive your packagen personally.
Print out the "Invoice Copy" attached and collect the package at our office.
Please read carefully the attached information before receiving your package.
Thank you for attention. FedEx Services.
Is this a variant – I'm not expecting anything and the typos give it away?
I'm presuming it's the same as I just received an email with the same layout as yours about two days ago (which was lying in my junk mail). Was about to open the .zip file but somehow decided to investigate on it a bit.
I have just been scammed in UK by the FedEx virus, said item needed extra money etc etc, stupidly opened it and now my laptop is effectively dead. Should have left it in spam but was expecting a US package.
I just received another Fed Ex phish. This one came in via ESMTP with TLS from the domain cpux1.go180.net (216.229.188.147). The payload then called out to 178.162.132.116 via a hard coded IP and did a DNS resolution for anotherone.ipq.co (81.91.1.36). Watch out… This thing is still out there!
I get one or two of these at regular intervals but last night over a 30 minute period got deluged with 4100 of the things!!!! Is this a record?
I got one this morning from a usps.com address. Was expecting something from someone with poor handwriting, so I didn't even stop to wonder how USPS would've known my email… and stupidly opened the .zip file. It contained one .exe file and a folder with a large number of other files, mostly documents as I recall. Nothing seems wrong yet so I'm just praying this thing can't infect a Mac. Here's the email (minus that .zip file!):
Postal notification,
Our company’s courier couldn’t make the delivery of parcel.
ReasonIt’s not right the address of recipient.
LOCATION OF YOUR PARCEL:Honolulu
STATUS OF YOUR PARCEL: sorting
SERVICE: Local Pickup
:U613775634NU
FEATURES: No
Label is enclosed to the letter.
Print a label and show it at your post office.
An additional information
If the parcel isn’t received within 30 working days our company will have the right to claim compensation from you for it's keeping in the amount of $8.61 for each day of keeping of it.
You can find the information about the procedure and conditions of parcels keeping in the nearest office.
Thank you for using our services.
USPS Express Services.
I have now had DHL and UPS this morning as well as the Fedex ones!
Why are these people doing this?
Is it some form of terrorism???
got one from FedEx a few days ago, was expecting package so stupidly opened it and clicked on "GET & PRINT RECEIPT". Of course there was nothing there to get and print. Have Norton, scan showed some yellow level attempts to enter that had been blocked. Does this mean I'm safe or am I – and my friends – still possibly infected?
willow wales
got one from FedEx a few days ago, was expecting a package so stupidly opened it and clicked on "GET & PRINT RECEIPT". Of course no receipt was there. Have Norton and did security scan, showed a few "yellow dots" where some things had been denied. Does this mean I'm safe, or is there still danger for me (and friends!) ??
Marilyn