“Come to the Post Office” FedEx Spam Delivers Trojan Downloader

Brace yourselves for another round of evil FedEx spam!

An email purporting to be from FedEx dropped into my inbox early this morning suggesting that I stop by the postal office to correct an erroneous shipping address. Of course, I am urged to click a link to retrieve the shipping label before doing so.

That sounds safe, right? There’s nothing suspicious about the fact that the entire email is a single JPG image, that I don’t recall ever giving FedEx my email address, or that the shipping label link points to a third-party website and not a page on the fedex.com domain, right? *cough*

FedEx Spam

Subject: You should come to the post office
From:  FedEx (international@ussfedex.com)

FedEx
Federal Express

Unfortunately we failed to deliver the postal package you have sent on the 27th of August in time because the recipients’ address is erroneous.

Please print out the label copy attached and collect the package at our office.

Print a shipping Label
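
The red flags called out above (a look-alike sender domain, an image-only body, and a link that leaves fedex.com) can be checked mechanically. The Python below is an added example, not part of the original post; the sample message is constructed from the headers shown above, and `third-party.example` and the flag names are placeholders chosen for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND, BRAND_DOMAIN = "fedex", "fedex.com"  # brand being impersonated
# Constructed sample modelled on the message above; the link host is a placeholder.
SAMPLE = """\
From: FedEx <international@ussfedex.com>
Subject: You should come to the post office
Content-Type: text/html; charset="utf-8"

<html><body><a href="http://third-party.example/label">
<img src="http://third-party.example/notice.jpg"></a></body></html>
"""

class BodyScan(HTMLParser):
    """Collect link targets, image count and visible text from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.images, self.text = [], 0, []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)
        self.images += tag == "img"
    def handle_data(self, data):
        self.text.append(data.strip())

def in_domain(host, domain):
    # Exact or subdomain match only: "ussfedex.com" must not pass as fedex.com.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def red_flags(raw):
    """Return the red flags from the post that a raw message exhibits."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    flags = []
    if BRAND in name.lower() and not in_domain(addr.rpartition("@")[2], BRAND_DOMAIN):
        flags.append("sender-domain-mismatch")
    part = msg.get_body(preferencelist=("html",))
    scan = BodyScan()
    scan.feed(part.get_content() if part else "")
    if scan.images and not any(scan.text):
        flags.append("image-only-body")
    if any(not in_domain(urlsplit(u).hostname, BRAND_DOMAIN) for u in scan.links):
        flags.append("off-brand-link")
    return flags
```

Matching the domain on a label boundary matters here: a substring test for "fedex" would accept `ussfedex.com`, which is exactly the look-alike this message uses.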

Let’s just say you didn’t notice the huge red flags waving in the back of your mind and you did click the link – what would happen?

You would be taken to a malicious third-party site that executes a drive-by-download (via JavaScript) and be prompted to open/save a file named “Label_Copy_Fedex.zip.”

Despite the name, the archive in question doesn’t house a handy-dandy shipping label, but malware identified by Microsoft Security Essentials as TrojanDownloader:Win32/Kuluoz.B. As the name suggests, Kuluoz.B will connect to a remote server to download additional malware, which will more than likely be a variant of Winwebsec, a fake antivirus program.

Prevent Kuluoz from Infecting Your PC

Assuming that you don’t want your computer to become infected with malware that will attempt to trick you into handing over your credit card information by performing bogus system scans & showing you a list of fake infections, keeping Kuluoz away from your computer is relatively easy. All you have to do is:

  • Exercise caution when following hyperlinks.
  • Keep your operating system fully patched & up-to-date.
  • Always run antivirus software & keep the virus definitions current.
  • Consider running a browser plug-in like NoScript that offers user control over JavaScript & Java embedded on websites you visit.

  • Abhayanila

    Yes. I have also received the same email. Not just from FedEx but also from UPS and DHL. Luckily I was in the internet cafe when I first received and opened that email with attachment. Then something popped out from the computer that says there’s a virus.

© 2014 Hyphenet, Inc.