All the latest UK technology news, reviews and analysis

Automated Blackhole Trojan targeting FedEx customers

30 Jan 2013
malware virus security threat scam

Security vendors have uncovered a new mass phishing campaign, tied to the Blackhole exploit kit, which is targeting FedEx customers.

Symantec and Webroot issued statements confirming they had detected an influx of malicious, malware-containing emails masquerading as FedEx receipts.

"Symantec Security Response is aware that fake FedEx emails have been circulating recently. The emails claim the user must print out a receipt by clicking on a link and then physically go to the nearest FedEx office to receive their parcel," said Shunichi Imano, a Symantec security researcher in a company blog.

"Obviously the parcel does not exist and those who click on the link will be greeted by a file containing a malicious PostalReceipt.exe executable file. Instead of receiving a parcel, which the user did not order in the first place, Trojan.Smoaler is delivered to the computer."

At the time of publishing FedEx had not responded to V3's request for comment, though the company has posted a statement online confirming it is aware of the scam.

"We have received reports of fraudulent emails claiming to come from FedEx regarding 'undeliverable' shipments and fake FedEx delivery notifications," warned FedEx.

"The emails are asking you to click on a link and print a receipt to take to your nearest FedEx location. FedEx does not send unsolicited emails to customers requesting information regarding packages, invoices, account numbers, passwords or personal information."

Webroot has since issued a separate warning linking the campaign to the Blackhole exploit kit. It accused the same group of cyber criminals responsible for a similar campaign targeting PayPal customers as being behind it.

"We've already seen the same IP ( and name servers used in the following previously profiled malicious campaigns, indicating that they've been launched by the same party," warned Webroot's Dancho Danch.

Symantec backed up Webroot's findings, confirming its research had come to the same conclusion.

"The Fedex spam works by tricking users into clicking an email link to a compromised domain. This then redirects users to malicious domains which host exploit kits such as Blackhole or CoolEK," Symantec security response senior manager, Orla Cox told V3.

"These then exploit known vulnerabilities which ultimately deliver the Smoaler payload. The technique used is very similar to other spam botnets such as Trojan.Pandex."

Blackhole is one of many exploit kits available on the cyber black market. It allows non-skilled criminals to mount automated cyber attacks.

The link to the Blackhole exploit is troubling. As well as basic phishing scams, the kit has been linked to more serious attacks, including an exploit that targeted a recently patched vulnerability in Oracle's Java platform.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Related jobs

Work location poll - office, remote or home?

Where do you spend most time working on your primary work device?

Popular Threads

Powered by Disqus
LG G Flex 2 hands-on review

CES 2015: LG G Flex 2 video

A closer look at LG's latest curved-screen smartphone

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Beacon technology: what are the opportunities and how does the technology work?

This paper seeks to provide education and technical insight to beacons, in addition to providing insight to Apple's iBeacon specification


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

.NET Software Developer - C# - Cloud Software Specialists

.NET Software Developer - C# - Cloud Software Specialists...

Infrastructure & Network Analyst

Infrastructure & Network Analyst Solihull (and...

CRM System Officers

At the University of Derby, people are at the heart of...

Business Intelligence Analyst

Citywire is a global publishing company with offices...
To send to more than one email address, simply separate each address with a comma.