An email purporting to be from FedEx dropped into my inbox early this morning suggesting that I stop by the post office to correct an erroneous shipping address. Of course, I am urged to click a link to retrieve the shipping label before doing so.
That sounds safe, right? There’s nothing suspicious about the fact that the entire email is a single JPG image, that I don’t recall ever giving FedEx my email address, or that the shipping label link points to a third-party website and not a page on the fedex.com domain, right? *cough*
Subject: You should come to the post office
From: FedEx (email@example.com)
Unfortunately we failed to deliver the postal package you have sent on the 27th of August in time because the recipients’ address is erroneous.
Please print out the label copy attached and collect the package at our office.
Print a shipping Label
Let’s just say you didn’t notice the huge red flags waving in the back of your mind and you did click the link – what would happen?
Despite the name, the archive in question doesn’t house a handy-dandy shipping label, but malware identified by Microsoft Security Essentials as TrojanDownloader:Win32/Kuluoz.B. As the name suggests, Kuluoz.B will connect to a remote server to download additional malware, which will more than likely be a variant of Winwebsec, a fake antivirus program.
Prevent Kuluoz from Infecting Your PC
Assuming that you don’t want your computer to become infected with malware that will attempt to trick you into handing over your credit card information by performing bogus system scans & showing you a list of fake infections, keeping Kuluoz away from your computer is relatively easy. All you have to do is:
- Exercise caution when following hyperlinks.
- Keep your operating system fully patched & up-to-date.
- Always run antivirus software & keep the virus definitions current.
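The two red flags described above that can be checked mechanically, an image-only body and a link that leaves the fedex.com domain, are shown here as an added example (not part of the original post). The sample message, the shipping-label.example.net host and the function names are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not the real email): an image-only body wrapped in an off-brand link.
SAMPLE = """\
From: FedEx <email@example.com>
Subject: You should come to the post office
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><a href="http://shipping-label.example.net/label"><img src="cid:notice.jpg"></a></body></html>
"""

class _Scan(HTMLParser):
    """Collect link targets, image count and visible text from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.images, self.text = [], 0, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "img":
            self.images += 1
    def handle_data(self, data):
        self.text.append(data.strip())

def on_brand(host, brand_domain):
    """True only for the brand domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == brand_domain or host.endswith("." + brand_domain)

def red_flags(raw, brand_domain="fedex.com"):
    """Return the red flags found in a raw RFC 5322 message claiming to be from the brand."""
    msg = email.message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html",))
    scan = _Scan()
    scan.feed(part.get_content() if part else "")
    flags = []
    if scan.images and not "".join(scan.text):
        flags.append("image-only body")
    urls = [urlparse(u) for u in scan.links]
    off = sorted({u.hostname or "" for u in urls
                  if u.scheme in ("http", "https") and not on_brand(u.hostname, brand_domain)})
    if off:
        flags.append("link leaves " + brand_domain + ": " + ", ".join(off))
    return flags
```

The suffix match in `on_brand` requires a leading dot, so a lookalike host such as fedex.com.example.net is still reported as leaving the brand domain.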