Fake FedEx email with message in image and malware attachments
For a couple of days I have been seeing a new round of nasty Trojan attachments in emails posing as FedEx invoices. This scam is not new. It has been ongoing for months now. The payload, in an attached zipfile, has been either the Bredolab or Zeus Trojan in the recent past. The Bredolab makes a PC a member of a spam and DDoS Botnet. The Zeus (Zbot) plants and info stealing keylogger on your system, then protects it wilh a rootkit. The Zeus monitors logins to a long list of popular banks, payment processors and online game sites, then captures the key strokes as you log in, and soon, most of your money is gone to Russia.
Although the scam is not new, the method of delivering the convincing con has changed. This week has seen the arrival of the con being embedded in an inline image, in the .jpg format. The message I am looking at right now has the following text embedded as its content:
"Dear,
Unfortunately we failed to deliver the postal package you sent on the 27th of July in time because the recipient's address is erroneous. Please print out the invoice copy attached and collect the package at our office."
The message then screws its own pooch by displaying this odd text: "'Spiderman' climbs again in Sydney ." However, I'm sure that will disappear, as spam filters around the world tune in to that phrase.
The attachment, which claims to be a FedEx document (invoice) is inside a .zip file and is in fact a very dangerous Trojan. If you open the zip file and launch the embedded executable, your PC will become a zombie member of a spam and attack Botnet, and or will have the Zeus Trojan installed, to steal your logins and money.
If you may have already fallen for this scam, please scan your computer with the Trend Micro online Housecall malware scanner. Then, if at all possible, update your existing anti-virus program and scan with it. If your anti-virus is old and the subscription is expired, download a free, fully functional trial of Trend Micro Internet Security. Install it, update it, then scan the entire computer.
Further, I recommend downloading and installing/scanning with Malwarebytes Anti-malware (MBAM). Both of these security applications will detect the threats contained in the fake FedEx scams attachments and will halt their hidden processes and delete their files. You will have to restart the PC and scan again and may have to disable System Restore. Many types of malware hide as backups in the hidden system restore folder and are restored after you clean the machine, then reboot. Turning off System Restore kills the malware backups. Don't forget to turn it back on after cleaning has completed!
If the malware prevents you from updating, or installing, or running a real security program, go to Bleeping Computers malware removal forum, sign up for an account, read the instructions, then open a new topic requesting personal help. A trained, volunteer malware removal expert will assist you as soon as he or she is able to. They will recommend free tools you can use to restore your PC to normal working condition. Read every word carefully and only do what you are asked to do.
Malwarebytes also has an expert malware removal assistance forum. Their forums are meant for people attempting to use MBAM to remove malware.
Both of the aforementioned programs will protect you from getting infected in the first place! Trend Micro Internet Security not only has regularly updated onboard malware definitions and behavioral analysis engines, but also consults a definitions server referred to as a "Cloud Server." As new releases of malware are captured (by security company honeypots), they are rapidly examined and new definitions are published to the Cloud servers, before they are pushed to client computers. Further, the destination websites are instantly blocked by the "Trend Micro Smart Protection Network." All subscribers to Trend Micro security programs are instantly protected from visiting those hostile websites and servers. You can learn more, download and purchase a subscription here.
Malwarebytes Anti-Malware is free to use in purely manual mode, but this won't protect you against reinfection. You can get realtime protection and automatic updating and scanning by paying $24.95 US dollars or equivalent in your currency, for a lifetime license. Read the details and download or purchase a license for MBAM here.
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.