Analysis by: Michael Casayuran

Trend Micro received samples of delivery notification purportedly from FedEx. Its appearance and contents are almost indentical to the legitimate FedEx email notification. The message contains specific details such as a tracking number, to make it appear more credible to recipients. However, it also comes with a .ZIP attachment that contains a .EXE file, which detected as TSPY_BEBLOH.BNP.





Users should be cautious of such message and not readily download attached files from email messages. It is also helpful to know the difference between a legitimate message from spam. Real FedEx email typically do not contain attachments. Instead, they contain a link where recipients will be able to track the status of their shipments.



Spoofing delivery notification from well-known couriers such as FedEx is a very old technique used by spammers to lure users into their scheme. Recipients who are indeed expecting a delivery notification are likely to download the attached malware, in the end becoming victims to this threat. The following are some of the similar incidents we have reported in the past.




 SPAM BLOCKING DATE / TIME: January 24, 2012 GMT-8
 TMASE INFO
  • ENGINE:
  • PATTERN:8666