Zip File Attached to Fake FedEx Notifications Hides New Trojan Variant

The recipient is informed that his/her parcel can't be delivered

Only a dozen antivirus products detect the attachment as being a threat
Emails that purport to come from FedEx are highly common and most antivirus solutions are able to easily identify the threats attached to them. However, every once in a while the cybercriminals that launch these campaigns develop a new Trojan variant that’s initially detected only by a handful of security products.

Such is the latest case presented by mxlab. The researchers have found that a parcel delivery failure notification hides a malicious element that, at press time, was identified only by 12 out of 42 vendors as posing a threat.

“We couldn’t deliver your parcel. Reason:The weight of parcel is exceed the available parameters for free delivery,” reads part of the message.

The attachment that comes with it is named something like FedEx_Label_ID_Order_83-27-4534US.zip; the archive contains an executable that is detected as Kuluoz, Bredo or Dropper, depending on the antivirus product.
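The pattern described above, a ZIP attachment wrapping a Windows executable, is something a mail gateway can flag before any signature exists for the sample. The following is an added example written for this article and is not code from mxlab or from any antivirus vendor: it opens an attachment in memory and reports members that either carry an executable extension or begin with the PE "MZ" header regardless of their name, and it also notes encrypted members it cannot inspect. The extension deny-list, the sample file names and the fake PE bytes are constructed for illustration and are not taken from the real campaign.

```python
from __future__ import annotations

import io
import os
import zipfile

# Extensions Windows will run on double-click. Assumption: an illustrative
# deny-list chosen for this example, not one given in the article.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                         ".js", ".jse", ".vbs", ".vbe", ".wsf", ".jar", ".msi"}
PE_MAGIC = b"MZ"  # first two bytes of every Windows PE executable


def inspect_zip_attachment(data: bytes) -> list[dict]:
    """Return one finding per archive member that looks like an executable.

    A member is flagged if its extension is executable, if its content starts
    with the PE 'MZ' header even when the name claims otherwise (a renamed
    'Label.pdf'), or if it is encrypted and therefore cannot be inspected.
    Non-ZIP input yields a single finding instead of raising.
    """
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"name": "<archive>", "reasons": ["not a valid ZIP archive"]}]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reasons = []
            ext = os.path.splitext(info.filename.lower())[1]
            if ext in EXECUTABLE_EXTENSIONS:
                reasons.append("executable extension")
            try:
                with archive.open(info) as member:
                    head = member.read(len(PE_MAGIC))
            except RuntimeError:
                # zipfile raises RuntimeError for password-protected members
                head = b""
                reasons.append("encrypted member, content not inspectable")
            if head == PE_MAGIC:
                reasons.append("PE header (MZ) in content")
            if reasons:
                findings.append({"name": info.filename, "reasons": reasons})
    return findings


def is_suspicious(data: bytes) -> bool:
    """True when at least one member of the attachment was flagged."""
    return bool(inspect_zip_attachment(data))


def build_zip(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP from {member name: content}; used for samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample mimicking the article's attachment: the member name is
# modelled on the one reported, and the body is a fake PE stub, not malware.
FAKE_PE_STUB = b"MZ" + b"\x90" * 62 + b"This program cannot be run in DOS mode.\r\n$"
SAMPLE_ATTACHMENT = build_zip({
    "FedEx_Label_ID_Order_83-27-4534US.exe": FAKE_PE_STUB,
    "Shipping_Terms.txt": b"Plain text, harmless.",
})

if __name__ == "__main__":
    for finding in inspect_zip_attachment(SAMPLE_ATTACHMENT):
        print(finding["name"], "->", ", ".join(finding["reasons"]))
```

Checking the first bytes rather than only the name matters because a later variant of the same campaign can simply rename the payload; the encrypted-member check catches the other common evasion, a password-protected archive with the password in the message body, which a gateway should treat as uninspectable rather than clean.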
