Monday, October 20, 2008

Fake FedEx Email-Borne Malware Alert

Over the last 24 hours we have seen a large influx of a new email-borne malware campaign posing as a notification of non-delivery from FedEx.
The email claims that you sent a package on July 25, but that it was not delivered because the recipient's address was not correct when it was shipped. It then asks the user to print out a copy of the attached invoice (a .zip file which contains malware) and to collect a copy of the package at the FedEx Office. The address of the office is not given, which should be one clear indicator that something is fishy about the email.

Sample subject lines that we have seen in our Threat Operations Center include:

You Have A Package!!!
Tracking N


Volumes have been pretty high: we have seen over 21M of these fakes hit our systems within the last 24 hours, accounting for about 80% of all of the email-borne malware that we have seen over that same period.

It's times like this that we are reminded that although many of the large-scale malware campaigns that we now see are hosted on infected web sites, static malware distributed over email is still an active, viable tactic being employed by cyber criminals.
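The indicators in this alert (the observed subject line, a FedEx invoice pretext in the body, and a .zip attachment) expressed as a mail-filter check. This is an added example, not MX Logic's detection logic; the executable-extension list, the quarantine rule and the sample message are constructed assumptions.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject from the alert; the truncated second sample subject is not guessed.
LURE_SUBJECTS = {"you have a package!!!"}
# Assumption: member extensions treated as executable content.
RISKY_EXT = (".exe", ".scr", ".pif", ".com")

def zip_member_names(data: bytes) -> list:
    """List archive members without extracting; unreadable archives yield []."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except (zipfile.BadZipFile, TypeError):
        return []

def score_message(raw: bytes) -> dict:
    msg = message_from_bytes(raw, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    reasons = []
    if (msg["Subject"] or "").strip().lower() in LURE_SUBJECTS:
        reasons.append("subject matches observed lure")
    if re.search(r"\bfedex\b", body, re.I) and re.search(r"\binvoice\b", body, re.I):
        reasons.append("FedEx invoice pretext in body")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(".zip"):
            reasons.append("zip attachment")
            members = zip_member_names(part.get_content())
            if any(m.lower().endswith(RISKY_EXT) for m in members):
                reasons.append("executable inside zip")
    # Quarantine when a zip coincides with a lure signal or holds an executable.
    return {"quarantine": "zip attachment" in reasons and len(set(reasons)) >= 2,
            "reasons": reasons}

def build_sample(with_zip: bool = True) -> bytes:
    """Constructed message; the zip member is harmless text named like an executable."""
    msg = EmailMessage()
    msg["Subject"] = "You Have A Package!!!"
    msg.set_content("FedEx could not deliver your package. Print the attached invoice.")
    if with_zip:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("invoice.exe", "harmless placeholder")
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

The archive is only listed, never extracted, so the check can run on a gateway without writing attachment contents to disk.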

If You Predict It, Spam Will Come

I've taken a bit of heat internally because I neglected to announce last week's posting of the monthly MX Logic Threat Report and Forecast for September. The latest edition can be downloaded here.


In that report we mention our prediction that, as the Democratic and Republican National Conventions concluded and the campaign season kicked into high gear, we expected to see a continuation of some of the more recent spam tactics in which hackers use tabloid-like news headlines as a lure to get people to open malicious emails, but with a political twist. So, instead of using fake Britney Spears or Oprah headlines as a means to get unsuspecting users to view a video or news clip, the movement has started toward targeting Barack Obama using similar means.

Some of the subject lines that we are currently seeing targeting Obama are:

Obama is ponstar now
Porno with Obama
Sex Video with Obama
Obama Sex Video
Barack Obama Hardcore
Barack Obama sex story with girl
Obama private porno
Barack Obama sex story with Ukrainian girl

Note that we have not yet seen any similar tactics targeting John McCain.

Volume on this tactic is currently extremely low (under 100 total have been seen thus far), but this is likely a proof-of-concept method that will play itself out over the next two months as spammers move to more believable tactics. Instead of tabloid-like headlines, be on the lookout for emails containing attachments or links to sites claiming to be hosting the latest candidate television commercial or video with excerpts from a speech at their latest campaign stop.

Obviously there is a bit of a shock factor with these tabloid-like headlines that grabs people's attention, but since this tactic has been around for several weeks now, expect it to morph to using lures that are far more plausible in the very near future.

Posted by smasiello at 12:15 PM at MX Logic