August 9, 2008 30 Comments
MX Lab has intercepted a few messages with the subject “[NO-REPLY] FedEx Tracking Number 26901603” with an attached trojan. After the UPS Tracking trojan campaign it’s now time to use FedEx.
The content of the email has the same characteristics as the UPS trojan:
Unfortunately we were not able to deliver postal package you sent on July the 31 in time because the recipient’s address is not correct. Please print out the invoice copy attached and collect the package at our office
The email has attached the zip archive named FedEx_Invoice.zip with the executable FedEx_Invoice_N882874421.exe. The “tracking number” in the subject and file can change of course.
Virus Total results and MD5: da90a0c3000eb90ebc9394e5568c5c9a. 7 of the 36 anti virus engines detect the trojan so be carefull when you receive the message.