Beware of FedEx emails!!!

[WharfRat]

Fake, virus-laden FedEx emails appearing in inboxes

kvue.com
Posted on December 7, 2012 at 12:51 PM
Updated today at 1:12 PM
AUSTIN -- Today I did something I've never done. I clicked on an email link that contained a computer virus.
I was the perfect target. Because I've been ordering the majority of my Christmas gifts online and recently sent a Christmas gift via FedEx, when I saw an email that appeared to be from FedEx in my inbox, I clicked on it without hesitation.

full article:

Fake, virus-laden FedEx emails appearing in inboxes | kvue.com Austin

 

[plax]

Yeah, I've been seeing those too. And not only spoofed as being from FedEx, but also from UPS, LinkedIn, and the Better Business Bureau. Here's an AV log excerpt of a few that I've received recently:

10/30/2012 5:44:06 AM    POP3 filter    email message    from: FedEx <[email protected]> to: query@[edited] with subject UPS: Your Package H2620555202 dated Tue, 30 Oct 2012 03:53:31 +0600     Win32/Cridex.AA worm    contained infected files    NOMENCLATURE\User1    Threat was detected upon receiving email by the application: C:\Program Files\Outlook Express\msimn.exe.
10/22/2012 7:30:54 PM    POP3 filter    email message    from: "BBB Complaint Department" <[email protected]> to: <support@[edited]> with subject RE: Case #81229920 dated Mon, 22 Oct 2012 20:58:41 +0200     a variant of Win32/Kryptik.ANNG trojan    contained infected files    NOMENCLATURE\User1    Threat was detected upon receiving email by the application: C:\Program Files\Outlook Express\msimn.exe.
10/22/2012 8:48:41 AM    POP3 filter    email message    from: "UPS Support" <[email protected]> to: <query@[edited]> with subject UPS Invoice:16368154581 dated Mon, 22 Oct 2012 17:52:44 +0600     Win32/LockScreen.ANX trojan    contained infected files    NOMENCLATURE\User1    Threat was detected upon receiving email by the application: C:\Program Files\Outlook Express\msimn.exe.
10/22/2012 8:48:31 AM    POP3 filter    email message    from: "UPS Support" <[email protected]> to: <qexmange@[edited]>, <query@[edited]>, <support@[edited]>, <nima@[edited]>, <sales@[edited]>, <gnilerg1986@[edited]> with subject UPS information #45009981553 dated Mon, 22 Oct 2012 02:04:39 -0500     Win32/LockScreen.ANX trojan    contained infected files    NOMENCLATURE\User1    Threat was detected upon receiving email by the application: C:\Program Files\Outlook Express\msimn.exe.
10/22/2012 8:37:40 AM    POP3 filter    email message    from: "UPS Support" <[email protected]> to: <query@[edited]> with subject UPS Invoice:16368154581 dated Mon, 22 Oct 2012 17:52:44 +0600     Win32/LockScreen.ANX trojan    contained infected files    NOMENCLATURE\User1    Threat was detected upon receiving email by the application: C:\Program Files\Outlook Express\msimn.exe.
10/22/2012 8:37:27 AM    POP3 filter    email message    from: "UPS Support" <[email protected]> to: <qexmange@[edited]>, <query@[edited]>, <support@[edited]>, <nima@[edited]>, <sales@[edited]>, <gnilerg1986@[edited]> with subject UPS information #45009981553 dated Mon, 22 Oct 2012 02:04:39 -0500     Win32/LockScreen.ANX trojan    contained infected files    NOMENCLATURE\User1    Threat was detected upon receiving email by the application: C:\Program Files\Outlook Express\msimn.exe.
8/24/2012 6:28:45 AM    POP3 filter    email message    from: LinkedIn Password <[email protected]> to: support <support@[edited]> with subject United Postal Service Tracking Number H4476462328 dated Mon, 20 Aug 2012 03:02:38 -0800     Win32/Kryptik.AKOR trojan    contained infected files    NOMENCLATURE\User1    Threat was detected upon receiving email by the application: C:\Program Files\Outlook Express\msimn.exe.
8/21/2012 9:19:35 AM    POP3 filter    email message    from: From: "[email protected]" <[email protected]> with subject FedEx Tracking Notification #822608005088 - Tue, 7 dated Tue, 7 Aug 2012 10:51:15 -0500     a variant of Win32/Kryptik.AJPK trojan    contained infected files    NOMENCLATURE\User1    Threat was detected upon receiving email by the application: C:\Program Files\Outlook Express\msimn.exe.
7/31/2012 5:47:54 PM    POP3 filter    email message    from: "UPS TEAM 04" <[email protected]> to: <support@[edited]> with subject UPS: Your Package H9687608522 dated Mon, 30 Jul 2012 07:02:00 -0800     Win32/AutoRun.Spy.Banker.R worm    contained infected files    NOMENCLATURE\User1    Threat was detected upon receiving email by the application: C:\Program Files\Outlook Express\msimn.exe.
7/22/2012 10:40:29 AM    POP3 filter    email message    from: FedEx <[email protected]> to: query@[edited] with subject We can not diliver your package dated Fri, 20 Jul 2012 10:12:51 -0600     Win32/AutoRun.Spy.Banker.R worm    contained infected files    NOMENCLATURE\User1    Threat was detected upon receiving email by the application: C:\Program Files\Outlook Express\msimn.exe.
7/22/2012 10:35:28 AM    POP3 filter    email message    from: FedEx <[email protected]> to: support@[edited] with subject We can not diliver your package dated Fri, 20 Jul 2012 12:21:46 +0100     Win32/AutoRun.Spy.Banker.R worm    contained infected files    NOMENCLATURE\User1    Threat was detected upon receiving email by the application: C:\Program Files\Outlook Express\msimn.exe.