Not all FedEx deliveries contain packages that users expect.
Security researchers at AppRiver have observed an uptick in spam messages that appear to be shipping notifications from FedEx, but in fact contain Fareit malware, an information stealer that targets email passwords and browser-stored passwords, as well as FTP credentials.
During AppRiver’s analysis, the malware also downloaded a copy of the ever-popular Zeus Trojan onto the infected machine.
According to Troy Gill, manager of security research, the messages appear to contain a shipping receipt for a package that the courier was unable to deliver. The attached file, while it does have .PDF in the name, is actually a file archive utilizing the open source file archiver 7zip. Inside the compressed archive, you will find an executable file (.exe) that contains the Fareit malware.
“During our dynamic analysis, we observed all of the above being performed after the malware disabled local security tools,” he said, in a blog. “After scrapping the machine for the before mentioned credentials, it established an outbound connection and pulled down a copy of the ever-popular Zeus Trojan. Once the Zeus infection is in place, the attacker can gather more credentials such as banking information. In addition to having their data stolen, the victim’s machine is also vulnerable to being used to perpetuate more attacks or in future DDoS attacks.”
SOURCE: Tara Seals