Sponsored by..

Friday 25 January 2013

FedEx spam / vespaboise.net

This fake FedEx spam leads to malware on vespaboise.net:


Date:      Fri, 25 Jan 2013 15:39:33 +0200
From:      services@fedex.com
Subject:      FedEx Billing - Bill Prepared to be Paid

    FedEx Billing - Bill Prepared to be Paid
        fedex.com        
       
[redacted]

You have a new invoice(s) from FedEx that is prepared for discharge.

The following invoice(s) are ready for your overview:

Invoice Number
   
Invoice Amount
2-649-22849
   
49.81
1-181-19580
   
257.40

To pay or overview these invoices, please log in to your FedEx Billing Online account proceeding this link: http://www.fedex.com/us/account/fbo

Note: Please do not use this email to submit payment. This email may not be used as a remittance notice. To pay your invoices, please visit FedEx Billing Online, http://www.fedex.com/us/account/fbo


Thank you,

Revenue Services

FedEx

Please Not try to reply to this message. auto informer system cannot accept incoming mail.

The content of this message is protected by copyright and trademark laws under U.S. and international law.

review our privacy policy . All rights reserved.

The malicious payload is at [donotclick]vespaboise.net/detects/invoice_overview.php which is on the very familiar IP address of 222.238.109.66 (Hanaro Telecom, Korea) which has been used in several recent attacks.. blocking it would be prudent.

1 comment:

Unknown said...

vespaboise.net is registered to: Paul Shields. (239) 455-5390. 5203 Beckton Rd Ave Maria, FL 34142-5036

Perhaps it would be salutary if those of us who have received the spam that leads to his malicious virus download web-page were to give him a call, asking him to take it down.

Also, since it appears that this is neither the first or only time his website has been used this way, that someone with legal experience might send him a cease and desist letter.

Just a couple of thoughts.