Ranjeet Menon

FedEx Spam Mail Leads Users To Install Fake AV

August 17, 2011

A new spam email pretending to come from FedEx has been discovered in the wild. The mail uses a subject line like “FedEX Notifications”.
It also carries an attachment that supposedly contains details about a delivery, and asks the user to extract it.

Upon extraction of the attachment, the user gets a malicious .exe file which has a PDF file icon.

If the user executes the malicious executable from the zip attachment, it performs the following actions:
– Creates an SVCHOST.EXE process and injects its code into it.
– Downloads the fake tool file from the URL “http://6X.9X.116.16”.

After the download is completed, it installs the FakeAV application. Once installed, it will show a ‘Fake System Repair Alert’ as seen below:

Quick Heal detects the attachment and the installed FakeAV file and protects its users.
We strongly recommend that users do not open such attachments from unknown emails.
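A mail filter can catch the kind of attachment described above (a zip holding an .exe that only looks like a PDF) before the user extracts it. The following is an added example, not Quick Heal's detection logic: the function names, the extension lists and the sample file names are assumptions made for illustration, and the sample archive holds harmless constructed bytes.

```python
import io
import zipfile

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}   # run on double-click in Windows
DOCUMENT_EXTS = {".pdf", ".doc", ".txt", ".jpg"}     # decoy extensions (assumed list)


def classify(name, head, encrypted=False):
    """Return the reasons a ZIP member looks like a disguised Windows executable."""
    # Windows drops trailing dots and spaces, so ignore them when reading the extension.
    base = name.lower().rstrip(". ").rsplit("/", 1)[-1]
    parts = base.split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    reasons = []
    if encrypted:
        reasons.append("encrypted-member")      # content cannot be inspected
    if head[:2] == b"MZ":
        reasons.append("mz-header")             # DOS/PE magic, whatever the name says
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable-extension")
        if len(parts) > 2 and "." + parts[-2] in DOCUMENT_EXTS:
            reasons.append("double-extension")  # e.g. name.pdf.exe
    return reasons


def scan_zip(zip_bytes):
    """Map member name -> reasons for every suspicious member of a ZIP attachment."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in (i for i in zf.infolist() if not i.is_dir()):
            encrypted = bool(info.flag_bits & 0x1)
            head = b""
            if not encrypted:
                with zf.open(info) as fh:
                    head = fh.read(2)
            reasons = classify(info.filename, head, encrypted)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample():
    """Constructed attachment: harmless bytes that only imitate the file types."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("delivery_details.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("label.pdf", b"%PDF-1.4\n")
        zf.writestr("receipt.pdf.scr", b"MZ" + b"\x00" * 62)
    return buf.getvalue()
```

Calling `scan_zip(build_sample())` flags the two executable members and leaves the genuine PDF alone. The check reads the file content rather than the icon, which is the part of the disguise the user sees.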
