Date: Wed, 12 Feb 2014 07:53:36 -0700 [09:53:36 EST]
From: FedEx [yama@rickyz.jp]
Subject: Track shipments/FedEx 7487214609167750150131 results: Delivered
Track shipments/FedEx Office orders summary results:
-----------------------------------------------------------------------
Tracking number Status Date/Time
7487214609167750150131 Delivered Feb 11, 2014
11:20 AM
Track shipments/FedEx Office orders detailed results:
-----------------------------------------------------------------------
Tracking number 7487214609167750150131
Reference 304562545939440100902500000000
Ship date Feb 03, 2014
Ship From NEW YORK, NY
Delivery date Feb 11, 2014 11:20 AM
Service type FedEx SmartPost
Tracking results as of Feb 11, 2014 3:37 PM CST
Click Here and get Travel History
-----------------------------------------------------------------------
Disclaimer
-----------------------------------------------------------------------
FedEx has not validated the authenticity of any email address.
In this case, the link in the email goes to [donotclick]pceninternet.net/tracking.php?id_7487214609167750150131 which downloads an archive file track_shipments_FedEx.zip.
In turn, this ZIP file contains the malicious executable with the lovely name of Track_shipments_FedEx_Office_orders_summary_results_Delivered_tracking_number_9384758293431234834312_idju2f83f9hjv78fh7899382r7f9sdh8wf.doc.exe
which has an icon that makes it look like a Word document. This has a VirusTotal detection rate of 15/49, but automated analysis tools are inconclusive as to its payload [1] [2] [3].
No comments:
Post a Comment