Last week, some of our customers informed us that they were receiving spam emails claiming to be from FedEx, with the subject line “FedEx Shipment Notification”. The email looks like this:
The spam email contains a Zip file. Upon extraction, it presents an executable file named “FedEx_Tracking_Report_Notification_ID.exe”. This is a malicious file belonging to the Zbot family. Quick Heal detects this file as Trojan.Zbot.Y.
When executed, the file hooks APIs used by Internet Explorer and Mozilla Firefox to steal login credentials and to capture data when a user visits certain websites. It then sends the gathered information to remote servers. Cyber criminals may use this information for malicious activities, or they may sell it in underground markets.
We advise you to stay away from such fraudulent emails and never to execute on your system any attachment received from an unknown sender.