Sponsored by..

Wednesday 12 February 2014

"Track shipments/FedEx" spam

This fake FedEx spam leads to malware:

Date:      Wed, 12 Feb 2014 07:53:36 -0700 [09:53:36 EST]
From:      FedEx [yama@rickyz.jp]
Subject:      Track shipments/FedEx 7487214609167750150131 results: Delivered

Track shipments/FedEx Office orders summary results:
Tracking number        Status              Date/Time
7487214609167750150131  Delivered           Feb 11, 2014     
                                           11:20 AM     

Track shipments/FedEx Office orders detailed results:
Tracking number       7487214609167750150131

Reference             304562545939440100902500000000
Ship date             Feb 03, 2014
Ship From           NEW YORK, NY
Delivery date         Feb 11, 2014 11:20 AM
Service type          FedEx SmartPost

Tracking results as of Feb 11, 2014 3:37 PM CST

Click Here and get Travel History


FedEx has not validated the authenticity of any email address.

In this case, the link in the email goes to [donotclick]pceninternet.net/tracking.php?id_7487214609167750150131 which downloads an archive file track_shipments_FedEx.zip.

In turn, this ZIP file contains the malicious executable with the lovely name of Track_shipments_FedEx_Office_orders_summary_results_Delivered_tracking_number_9384758293431234834312_idju2f83f9hjv78fh7899382r7f9sdh8wf.doc.exe
which has an icon that makes it look like a Word document. This has a VirusTotal detection rate of 15/49, but automated analysis tools are inconclusive as to its payload [1] [2] [3].

No comments: