Warning: E-mails pretending to be from FedEx can wreak havoc

FedEx spamIf your mailbox has been bombed the last couple of weeks by e-mails appearing to be from FedEx and claiming a package sent to you has gone undelivered, blame Zeus, king of criminal bots, for helping to release another Kraken on the Internet. The bogus spam e-mails are still finding their way into mailboxes as you read.

This is far from the first time the FedEx brand and its domain has been spoofed. But these e-mails are written to seem like they are coming from a staff person (often with a Hispanic name) inside FedEx, using a @fedex.com suffix. Some are sent with a subject line saying "Fedex Invoice copy" and "Fedex Item Status."

Unlike other falsely FedEx-branded malware attacks, this one contains an attached image instead of text, according to technology specialist Graham Cluley at U.K.-based Security firm Sophos.

The text says:
Dear ,
Unfortunately we failed to deliver the postal package you have sent on the 27th of July in time because the recipient's address is erroneous. Please print out the invoice copy attached and collect the package at our office.
Don't download the attachment, which will deliver a Trojan horse program to your computer. The real FedEx published a special page on this attack and lists other examples of spam letters here.

McAfee, another security company, yesterday tied the attack to a criminal effort using Zeus, a package of programs that originated in Russia and has been around for three or so years. Anyone with the know-how and contacts can buy Zeus (for about $700, according to Symantec) and use it to steal information, like e-mail passwords and protected stored data, such as Internet Explorer passwords. Zeus spreads its malware mostly through e-mail spam.

McAfee says the most current attack the company has seen is focused on banks outside the United States. But it seems lots of regular folks are collateral damage in the attack.

How much of a threat is it to you? Probably not a lot, if you have your spam filter set or your ISP, like mine, has been stopping the messages before they get reach my inbox (even so, you probably will get a notification in your e-mail when this happens). But those who are less guarded could mistake these messages for real communications from FedEx, since they use the @fedex.com suffix and the writers are fairly proficient in English. The use of an image file to deliver the malware may fool some spam filters, though it didn't fool mine.
Read Full Story

From Our Partners