Zip File Attached to Fake FedEx Notifications Hides New Trojan Variant

The recipient is informed that his/her parcel can't be delivered

By on May 31st, 2012 14:38 GMT

Emails that purport to come from FedEx are very common, and most antivirus solutions can easily identify the threats attached to them. However, every once in a while the cybercriminals who run these campaigns develop a new Trojan variant that is initially detected by only a handful of security products.

Such is the latest case presented by mxlab. The researchers found that a parcel delivery failure notification hides a malicious element that, at press time, was identified as a threat by only 12 out of 42 vendors.

“We couldn’t deliver your parcel. Reason:The weight of parcel is exceed the available parameters for free delivery,” reads part of the message.

The attachment is an archive named something like FedEx_Label_ ID_Order_83-27-; it contains an executable that is detected as Kuluoz, Bredo or Dropper, depending on the antivirus product.
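Because only a minority of signature-based engines caught this sample at first, a mail gateway cannot rely on the executable's hash being known. A cheap structural check that does not depend on signatures is to open every attached archive and flag any member that is a runnable file, whether by extension or by the "MZ" header that every Windows PE executable begins with. The following script is an added example written for this article, not code from mxlab or from any antivirus vendor; the archive names and contents it inspects are constructed in the script, and the `PLACEHOLDER` in the filename stands in for the order number the article truncates.

```python
import io
import zipfile

# Extensions Windows runs directly when the user double-clicks the file.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
    ".js", ".jse", ".vbs", ".vbe", ".wsf",
}

# First two bytes of a Windows PE executable ("MZ"), independent of its name.
PE_MAGIC = b"MZ"


def inspect_archive(zip_bytes: bytes) -> list[dict]:
    """Return one finding per archive member that looks like an executable.

    A member is flagged when its name ends in a runnable extension, when it
    hides one behind a decoy extension (e.g. label.pdf.exe), or when its
    content starts with the PE magic bytes regardless of the name.  Only the
    first two bytes of each member are decompressed, so the check is cheap
    even for large archives.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.lower().rsplit("/", 1)[-1]
            exts = ["." + p for p in base.split(".")[1:]]
            reasons = []
            if exts and exts[-1] in EXECUTABLE_EXTENSIONS:
                reasons.append("executable extension " + exts[-1])
                if len(exts) > 1:
                    reasons.append("double extension " + "".join(exts))
            with zf.open(info) as fh:
                head = fh.read(len(PE_MAGIC))
            if head == PE_MAGIC:
                reasons.append("PE header (MZ) in content")
            if reasons:
                findings.append({"member": info.filename, "reasons": reasons})
    return findings


def build_sample(members: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP archive from a name -> bytes mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples, not real malware: a PE stub is just the "MZ" magic
# followed by padding.  The order number is a placeholder, not the real one.
MALICIOUS_SAMPLE = build_sample(
    {"FedEx_Label_ID_Order_PLACEHOLDER.exe": PE_MAGIC + b"\x00" * 62}
)
# PE content hiding behind a document-looking name: the extension check
# misses it, the magic-byte check does not.
DISGUISED_SAMPLE = build_sample({"FedEx_Label.pdf": PE_MAGIC + b"\x00" * 62})
BENIGN_SAMPLE = build_sample({"invoice.txt": b"Your parcel is on its way.\n"})


if __name__ == "__main__":
    for label, sample in [("malicious", MALICIOUS_SAMPLE),
                          ("disguised", DISGUISED_SAMPLE),
                          ("benign", BENIGN_SAMPLE)]:
        print(label, inspect_archive(sample))
```

In a gateway this check would run on every archive attachment before delivery, quarantining anything `inspect_archive` reports; the magic-byte test is what keeps a renamed executable from slipping past a policy that only looks at extensions.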