MX Lab intercepted a new campaign of FedEx emails that have a trojan attached to the message. The email is sent from the spoofed address "Fedex Support, Trisha Kimble" <kyeagl@fedex.com> – please note that the name of the person can change.
Possible subjects:
- Fedex Invoice Copy N25524750
- Fedex Item Status N4347526
- Fedex Shipment Status N0919106
- Fedex Tracking Number N7897143
The body of the email does not contain any text, only an embedded image.

The email has the attachment FEDEXInvoiceEE438252OP.zip. The 36 kB file FedexInvoice_EE776129.exe is extracted from the zip archive.
At the time of writing, only 8 of the 42 AV engines at Virus Total detected the trojan. The trojan is known as W32/Agent.JBI (Authentium), Suspicious:W32/Malware!Gemini (F-Secure), TrojanDropper:Win32/Oficla.T (Microsoft), a variant of Win32/Kryptik.GHC (NOD32).
Virus Total permalink and MD5: 2587d5dc4b18e652532e556ac26f2290
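With so few engines detecting the file, a structural check at the mail gateway is a useful complement. The following is an added example, not MX Lab's code: it flags the subject pattern and MD5 listed above and holds any message whose zip attachment contains an executable. The function names, the extension list, the size cap and the sample message are assumptions constructed for illustration.

```python
import hashlib, io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the post above.
SUBJECT_RE = re.compile(
    r"^Fedex (Invoice Copy|Item Status|Shipment Status|Tracking Number) N\d+$", re.I)
KNOWN_MD5 = frozenset({"2587d5dc4b18e652532e556ac26f2290"})
# Assumptions, not from the post: executable extensions and a per-member size cap.
EXEC_EXT = (".exe", ".scr", ".pif", ".com")
MAX_MEMBER = 10 * 1024 * 1024
PLACEHOLDER = b"constructed placeholder bytes, not malware"

def inspect_message(raw, known_md5=KNOWN_MD5):
    """Report campaign indicators found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    found = {"subject_match": bool(SUBJECT_RE.match(str(msg["Subject"] or "").strip())),
             "exe_in_zip": [], "md5_match": []}
    for part in msg.walk():
        data = part.get_payload(decode=True) or b""
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip") or not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.filename.lower().endswith(EXEC_EXT):
                    continue
                found["exe_in_zip"].append(info.filename)
                # Hash only members that are unencrypted and within the size cap.
                if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                    continue
                if hashlib.md5(zf.read(info)).hexdigest() in known_md5:
                    found["md5_match"].append(info.filename)
    # An executable inside a zip is enough to hold the mail, hash match or not.
    found["quarantine"] = bool(found["exe_in_zip"])
    return found

def build_sample(subject, member):
    """Constructed message: zip attachment holding harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, PLACEHOLDER)
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="FEDEXInvoiceEE438252OP.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(inspect_message(build_sample("Fedex Invoice Copy N25524750",
                                       "FedexInvoice_EE776129.exe")))
```

Because the sender name, the numbers in the subject and the file hash change between mails, the exe-in-zip rule is the part that keeps working when the subject and MD5 checks miss.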
View full post on mxlab – all about anti virus and anti spam
Posted on 26 August 2010. Tags: emails, FedEx, FedexInvoice_EE776129 exe, new trojan variant
Hi
I received a mail from "FedEx service"
Subject : FedEx notice #8263351
No text, just the attachment FedEx.zip. The Yahoo antivirus scanned it but did not detect anything.
I am suspicious because I haven't bought anything, and I searched on Google and I see now that this attachment is probably a trojan.
I fell for it. Which was pretty stupid considering I just removed this virus from a friend's computer earlier today. Never heard of using FedEx as a base though, alright, time to fix my compy.
Do not click the zip file. I believe it is a virus.
I'd no idea what it has brought…..! The Yahoo scanner didn't detect any virus while downloading from inbox….. Later on I scanned the downloaded zip file with Bitdefender, it didn't show any threat either. Finally I opened the zip folder and dragged the exe file from it to the desktop and scanned with Bitdefender…. Obviously! It detected no threat. Then I executed the file…..and it just disappeared…… I checked the quarantine of Bitdefender. I couldn't find it there….. I think it has secured itself in the system of my PC somewhere!
So is there any good chance that I can remove it from my pc?
I believe it is a virus.
Try either a system restore or use any antivirus that scans the boot sector.