New FedEx Tracking number trojan outbreak
August 20, 2008 17 Comments
MX Lab has detected and intercepted a new outbreak of the FedEx Tracking number trojan. It appears to be a variant
Subject is now “FedEx Tracking N_2545362053″ – where the number is random. The From address is spoofed and is not an official FedEx email address. So this email is easy to detect and when looking at the email from and body you should be able to identify this as suspicious.
The messages contains:
Unfortunately we were not able to deliver postal package you sent on August the 1st in time
because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office
The attached malware is in a zip file named WD6128922.zip and contains the executable with file name WD6128922.exe.
As a reminder, FedEx will never give you tracking information in this way. All tracking regarding shipments is done on their web site. And if something went wrong, FedEx won’t send out an email with a Zip file attached.
The file is submitted to Virus Total at around 1:30 PM CET. MX Lab submitted the file for analysis around 9:17 PM CET and only 9 anti virus engines detect this variant. So be carefull not to open the zip file and especially don’t start the executable. Virus Total permalink and MD5: df73c2b3562ef157c10ba1a16b4c8885.