Fake FedEx email contains bank password stealer

Posted Thursday, August 28, 2008 12:24 AM by hwaldron

The new FedEx attacks have been adapted from the prior UPS attacks.  Any email especially noting account or billing issues should be verified in a safe manner, e.g., telephone call.  Please be careful with all email as these messages appear to be almost geniune.


QUOTE: Remember the UPS spam runs that were popular last month? Spammers have chosen a different courier this time, but the message was basically the same

Posing as FedEx notifications, these email messages have the same format as their earlier UPS counterparts: tracking number (perhaps to make the message appear authentic), message body informing recipients that there was a problem with the delivery of a package, and a message urging the recipient to print the attached “invoice” to claim the “package”.

Even the attachment is of the same file type as those seen in the previous spam runs. The .ZIP file is an info stealer detected by Trend Micro as TSPY_ZBOT.MCS. ZBOT spyware are infamous keyloggers that are known to steal confidential information, such as those related to online banking credentials.


No Comments