FedEx Spam Delivers Trojan to Your Inbox

Fact: It’s dangerous to click hyperlinks embedded in emails purporting to be a FedEx delivery notice, especially if the email is unsolicited.

The good news is that there will likely be clues indicating that the message is a trap. Take the FedEx spam that hit our inbox just yesterday:

From: FedEx (donotreply@fedex.com)
Subject: Track shipments/FedEx Office orders summary results: Delivered
To: 1.wiener.ponny-caroussel@login.at
Track shipments/FedEx Office orders summary results:
———————————————————————–
Tracking number Status Date/Time
1528109897529299153381 Delivered Feb 11, 2014 11:20 AM
Track shipments/FedEx Office orders detailed results:
———————————————————————–
Tracking number 1528109897529299153381
Reference 304562545939205016220700000000
Ship date Feb 03, 2014
Ship From NEW YORK, NY
Delivery date Feb 11, 2014 11:20 AM
Service type FedEx SmartPost
Tracking results as of Feb 11, 2014 3:37 PM CST

Click Here and get Travel History
———————————————————————–
Disclaimer
———————————————————————–
FedEx has not validated the authenticity of any email address.

The two main red flags in this email are the unfamiliar email address in the ‘To’ field and the fact that the embedded link doesn’t point to the official FedEx website, but to an unrelated third-party site.
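Both red flags can be checked mechanically in a mail-triage script. The following Python is an added example, not code from the original post; the sample message is constructed from the one quoted above, and the link host `third-party.example`, the function names and the `my_address` parameter are assumptions.

```python
import email
import re
from email import policy
from email.utils import getaddresses
from urllib.parse import urlsplit

# Constructed sample modelled on the message above; the link host is a
# placeholder because the original post does not give the real URL.
SAMPLE = """\
From: FedEx <donotreply@fedex.com>
To: 1.wiener.ponny-caroussel@login.at
Subject: Track shipments/FedEx Office orders summary results: Delivered
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Tracking number 1528109897529299153381 Delivered</p>
<a href="http://third-party.example/track">Click Here</a>
and get Travel History
"""

HREF = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)


def host_in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def red_flags(raw, my_address, brand_domain="fedex.com"):
    """Return the red flags found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    # Flag 1: the To field names someone other than the mailbox owner.
    to = [a.lower() for _, a in getaddresses(msg.get_all("To", []))]
    if my_address.lower() not in to:
        flags.append("recipient-mismatch")
    # Flag 2: From claims the brand, yet a link leaves the brand's domain.
    # From is trivially forged, so it is read as a claim, never as proof.
    senders = [a for _, a in getaddresses(msg.get_all("From", []))]
    claims_brand = any(host_in_domain(a.rpartition("@")[2], brand_domain) for a in senders)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    hosts = [urlsplit(u).hostname for u in HREF.findall(text)]
    off = sorted({h for h in hosts if h and not host_in_domain(h, brand_domain)})
    if claims_brand and off:
        flags.append("off-domain-link:" + ",".join(off))
    return flags
```

The suffix match in `host_in_domain` is anchored on a leading dot, so lookalike hosts such as `fedex.com.third-party.example` are still treated as off-domain.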

Should a user make the mistake of following the link, a file by the name of track_shipments_FedEx.zip will be downloaded onto their PC. Contrary to what the name suggests, track_shipments_FedEx.zip doesn’t contain the FedEx shipment history (which is usually available online), but malware that Sophos detects as Troj/Invo-Zip.

Troj/Invo-Zip is a Trojan horse known for dropping additional malware on infected systems and is typically spread via spam messages like the one shared here. Only Windows systems are affected by this threat. Of 49 antivirus vendors, 17 are capable of detecting Troj/Invo-Zip, including AVG, ESET NOD32, and TrendMicro.

Hopefully users who click the link in this spam attack are protected by one of those antivirus solutions.

What to Do About FedEx Spam

Did you receive an email similar to the one above? If you did, we strongly recommend that you:

  • Do NOT click on any links or download/open any associated files.
  • Report the email to FedEx by forwarding it to abuse@fedex.com.
  • Delete the email immediately.