Sponsored by..

Friday, 25 January 2013

FedEx spam / vespaboise.net

This fake FedEx spam leads to malware on vespaboise.net:

Date:      Fri, 25 Jan 2013 15:39:33 +0200
From:      services@fedex.com
Subject:      FedEx Billing - Bill Prepared to be Paid

    FedEx Billing - Bill Prepared to be Paid

You have a new invoice(s) from FedEx that is prepared for discharge.

The following invoice(s) are ready for your overview:

Invoice Number
Invoice Amount

To pay or overview these invoices, please log in to your FedEx Billing Online account proceeding this link: http://www.fedex.com/us/account/fbo

Note: Please do not use this email to submit payment. This email may not be used as a remittance notice. To pay your invoices, please visit FedEx Billing Online, http://www.fedex.com/us/account/fbo

Thank you,

Revenue Services


Please Not try to reply to this message. auto informer system cannot accept incoming mail.

The content of this message is protected by copyright and trademark laws under U.S. and international law.

review our privacy policy . All rights reserved.

The malicious payload is at [donotclick]vespaboise.net/detects/invoice_overview.php which is on the very familiar IP address of (Hanaro Telecom, Korea) which has been used in several recent attacks.. blocking it would be prudent.

1 comment:

Patricia Morrow said...

vespaboise.net is registered to: Paul Shields. (239) 455-5390. 5203 Beckton Rd Ave Maria, FL 34142-5036

Perhaps it would be salutary if those of us who have received the spam that leads to his malicious virus download web-page were to give him a call, asking him to take it down.

Also, since it appears that this is neither the first or only time his website has been used this way, that someone with legal experience might send him a cease and desist letter.

Just a couple of thoughts.