Email “FedEx, Shipment Notification” with trojan in zip attachment


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “FedEx, Shipment Notification”.

The email is sent from the spoofed address “FedEx <no-reply@fedex.com>” and has the following body:

The attached ZIP file has the name FedEx-Shipment-Notification_GX3553U8-Jan2012.zip and contains the 200 kB file FedEx-Shipment-Notification.exe.

The trojan is known as W32/Trojan3.DEC (F-Prot), Trojan-Spy:W32/Zbot.AVRN (F-Secure), Trojan-Dropper.Win32.Injector.clrk (Kaspersky), Trojan.Zbot (Sophos).

At the time of writing, only 11 of the 43 AV engines at Virus Total detected the trojan.

Virus Total permalink and SHA256: 28aba7221fe47882164fa45d9d63c58110b96b94d9b2291b692afaa7406c2e46.
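A gateway-side check for the pattern described above (a ZIP attachment whose member is an executable), with the SHA256 from this page as a known-bad digest. This is an added example, not MX Lab's code; the extension list, the size cap and the sample message built by `build_sample` are assumptions constructed for illustration.

```python
import hashlib, io, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# SHA256 published in the article; extend with other known-bad digests.
KNOWN_SHA256 = {"28aba7221fe47882164fa45d9d63c58110b96b94d9b2291b692afaa7406c2e46"}
# Assumption: extensions a mail gateway treats as directly executable.
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js")
MAX_MEMBER = 20 * 1024 * 1024  # assumed cap; larger members are not inflated

def scan_message(raw: bytes) -> list:
    """Return one finding per executable file inside a ZIP attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.filename.lower().endswith(EXEC_EXT):
                    continue
                # Bit 0 of the flags marks a password-protected member.
                encrypted = bool(info.flag_bits & 0x1)
                digest = None
                if not encrypted and info.file_size <= MAX_MEMBER:
                    digest = hashlib.sha256(zf.read(info)).hexdigest()
                findings.append({
                    "from": str(msg["From"]), "subject": str(msg["Subject"]),
                    "attachment": part.get_filename(), "member": info.filename,
                    "sha256": digest, "known_bad": digest in KNOWN_SHA256,
                    "encrypted": encrypted,
                })
    return findings

def build_sample(member="FedEx-Shipment-Notification.exe") -> bytes:
    """Constructed test message; the payload is harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed placeholder, not a real executable")
    msg = EmailMessage()
    msg["From"] = "FedEx <no-reply@fedex.com>"
    msg["To"] = "user@example.org"
    msg["Subject"] = "FedEx, Shipment Notification"
    msg.set_content("constructed body")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="FedEx-Shipment-Notification_GX3553U8-Jan2012.zip")
    return msg.as_bytes()
```

A finding with `known_bad` set to false still deserves quarantine: with 11 of 43 engines detecting this sample, the executable-in-ZIP structure is the more reliable signal than the digest.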

14 thoughts on “Email “FedEx, Shipment Notification” with trojan in zip attachment”

  1. Received an email today

    FedEx Service

    with following message
    FedEx notice,

    Your package has been returned to the FedEx office.
    The reason of the return is – Error in the delivery address.
    Please print out the invoice copy attached and collect the package at our office.
    FedEx Global.

    With zip attachment. Did not open. Thought you should know.

  2. I received a mail today:

    Dear Customer,

    The delivery service couldn’t deliver your package.
    The package weight exceeds the allowable free-delivery limit.

    You have to receive your packagen personally.
    Print out the “Invoice Copy” attached and collect the package at our office.

    Please read carefully the attached information before receiving your package.

    Thank you for attention. FedEx Global.
    With zip attachment. Did not open.

  3. Received from FedEx Express (your-information@fedex.com),

    The delivery service couldn’t deliver your package.
    The package weight exceeds the allowable free-delivery limit.

    You have to receive your packagen personally.
    Print out the “Invoice Copy” attached and collect the package at our office.

    Please read carefully the attached information before receiving your package.

    Thank you for attention. FedEx Customer Services.

    Did not open after reading this, also Hotmail flagged it as having a virus.

  4. Mine says

    Notice,

    The delivery service couldn’t deliver your package.
    The package weight exceeds the allowable free-delivery limit.

    You have to receive your packagen personally.
    Print out the “Invoice Copy” attached and collect the package at our office.

    Please read carefully the attached information before receiving your package.

    Thank you. FedEx Customer.

  5. Mine said:
    “The delivery service couldn’t deliver your package.
    The package weight exceeds the allowable free-delivery limit.

    You have to receive your packagen personally.
    Print out the “Invoice Copy” attached and collect the package at our office.

    Please read carefully the attached information before receiving your package.

    Thank you for attention. FedEx Customer. ”

    I clicked on the link as I’m expecting a parcel. Fortunately AVAST found the trojan in time.

  6. FedEx notification,

    The delivery service couldn’t deliver your package.
    The package weight exceeds the allowable free-delivery limit.

    You have to receive your packagen personally.
    Print out the “Invoice Copy” attached and collect the package at our office.

    Please read carefully the attached information before receiving your package.

    Thank you. FedEx Services.

  7. Notice,

    The delivery service couldn’t deliver your package.
    The package weight exceeds the allowable free-delivery limit.

    You have to receive your packagen personally.
    Print out the “Invoice Copy” attached and collect the package at our office.

    Please read carefully the attached information before receiving your package.

    Thank you for attention. FedEx Global.

  8. I got mine early this morning, it was sent to the wrong email address I provided to the company I ordered from?

    “From: FedEx
    Subject: FEDEX Delivery Error ID3209
    Date: March 3, 2012 9:26:40 PM MST
    To:
    Reply-To: FedEx

    The delivery service couldn’t deliver your package.
    The package weight exceeds the allowable free-delivery limit.

    You have to receive your packagen personally.
    Print out the “Invoice Copy” attached and collect the package at our office.

    Please read carefully the attached information before receiving your package.

    Thank you for attention. FedEx Customer. ”

    I tried to open the invoice but it wouldn’t open, and instead, duplicate copies of the invoice appeared in my downloads folder. I don’t know if my mac has picked up the virus or not, I scanned with Trend Micro but nothing popped up.

    I’m just confused, I want to know where my package is. I had two day shipping and it isn’t here yet. Are there really weight limits for deliveries?

  9. FedEx notification,

    The delivery service couldn’t deliver your package.
    The package weight exceeds the allowable free-delivery limit.

    You have to receive your packagen personally.
    Print out the “Invoice Copy” attached and collect the package at our office.

    Please read carefully the attached information before receiving your package.

    Thank you for attention. FedEx Services.

    I clicked on the link but nothing happened. I don’t know if my PC has picked up the virus or not.

  10. I received this at 2.19am this morning in my junk mail along with an attachment ( FedEx_Label_ID_Order_83-27-4534US.zip (55.8 KB)):

    “Delivery information,

    We couldn’t deliver your parcel.
    Status deny:An error at the delivery address.

    LOCATION OF YOUR ITEM:Fresno
    STATUS: sort order
    SERVICE: Expedited Shipping
    ITEM NUMBER:U686970962NU
    FEATURES: No

    Postal label is enclosed to the letter.
    Print your label and show it in the nearest post office of USPS

    Information in brief:
    If the parcel isn’t received within 30 working days our company will have the right to claim compensation from you for it’s keeping in the amount of $11.99 for each day of keeping over limited time.

    You can find the information about the procedure and conditions of parcels keeping in the nearest office.

    Thank you for your attention.
    FedEx Services.”

  11. I received the FedEx virus this morning and even though I know better and have always deleted these types of email viruses, today I had a brain fart and I clicked on to open the attachment.

    I use Mozilla Firefox and whenever I download anything, the first thing I see is a page from Mozilla listing all the downloads I have ever done. Sometimes I have to click on the specific download for it to open; other times the download will automatically open. Well, immediately after I clicked to open the attachment (virus) the light bulb went off and I realized what I had done. As soon as the download window appeared and I saw that the FedEx download was there at the top of the page I removed it from the list. I then deleted the email itself.

    My question is whether the virus attached itself or was I able to get to delete it in time? When I removed it from the download list, is that the same as closing it?

    One last thing, for several minutes afterward, I did hear my tower making noises like it was processing something. Could it have been the virus being embedded?

    Thanks for any help I can get.

  12. Received 4 of these emails in the past 2 days. I haven’t sent anything in a while, so I thought I should check it out. Thanks for the info. 4 different emails came each with different titles.
