Friday, 19 December 2014

malware: fake FedEx Priority Overnight email

I've seen fake FedEx emails before...

Subject: Delivery Status Notification
From: "FedEx Priority Overnight"
  Dear Customer,
  Your parcel has arrived at December 12. Courier was unable to deliver the parcel to you.
  To receive your parcel, print this label and go to the nearest office.

  Get Shipment Label
  FedEx 1995-2014

Screen grab...

If you "hover" the mouse over the "Get Shipment Label" link:


Hmmm... doesn't seem legit at all... and you're correct, it's not.

What is interesting is that if you click on the link, the downloaded file is named Label-, followed
by your IP location details...


Inside the above zip is: Label-Winsford-CW7.exe

All of which is designed to make the email seem legit, as they have your location and postcode!
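A triage check for this kind of download, as an added example that is not part of the original post: it lists the members of a zip and flags any that Windows would execute directly, noting whether the name follows the "Label-" plus location pattern described above. The extension list, the regular expression and the helper names are assumptions made for illustration, and the sample archive is constructed in memory.

```python
import io
import re
import zipfile

# Extensions Windows runs directly; a "shipping label" should never be one (assumed list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

# Lure pattern from the post: "Label-" then location details, e.g. Label-Winsford-CW7.exe
LABEL_LURE = re.compile(r"^Label-[A-Za-z0-9 _-]+$", re.IGNORECASE)


def triage_zip(data: bytes) -> list[dict]:
    """Return one finding per archive member that is directly executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.rsplit("/", 1)[-1]
            stem, dot, ext = name.rpartition(".")
            ext = (dot + ext).lower() if dot else ""
            if ext not in EXECUTABLE_EXTS:
                continue
            # Read only the first two bytes: a PE file starts with "MZ".
            with zf.open(info) as member:
                magic = member.read(2)
            findings.append({
                "member": info.filename,
                "extension": ext,
                "pe_header": magic == b"MZ",
                "label_lure": bool(LABEL_LURE.match(stem)),
            })
    return findings


def build_sample_zip(members: dict[str, bytes]) -> bytes:
    """Constructed test input: an in-memory zip, no real malware involved."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip({"Label-Winsford-CW7.exe": b"MZ" + b"\x00" * 62})
    for finding in triage_zip(sample):
        print(finding)
```

The file content is never executed or fully extracted; only the member name and the first two bytes are inspected.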

A typical "get your location details from your IP address/browser" service can be found here:

I've run the file through Jotti and VirusTotal:

Hash: (94c5fb4c6c6fc1da555a909b63784e1) Jotti: [6/22]
Hash: (94c5fb4c6c6fc1da555a909b63784e1) VirusTotal: [10/56]

Generally, it seems to be: Win32/Kryptik.CTFL


