All the latest UK technology news, reviews and analysis

Automated Blackhole Trojan targeting FedEx customers

30 Jan 2013
malware virus security threat scam

Security vendors have uncovered a new mass phishing campaign, tied to the Blackhole exploit kit, which is targeting FedEx customers.

Symantec and Webroot issued statements confirming they had detected an influx of malicious, malware-containing emails masquerading as FedEx receipts.

"Symantec Security Response is aware that fake FedEx emails have been circulating recently. The emails claim the user must print out a receipt by clicking on a link and then physically go to the nearest FedEx office to receive their parcel," said Shunichi Imano, a Symantec security researcher in a company blog.

"Obviously the parcel does not exist and those who click on the link will be greeted by a file containing a malicious PostalReceipt.exe executable file. Instead of receiving a parcel, which the user did not order in the first place, Trojan.Smoaler is delivered to the computer."

At the time of publishing FedEx had not responded to V3's request for comment, though the company has posted a statement online confirming it is aware of the scam.

"We have received reports of fraudulent emails claiming to come from FedEx regarding 'undeliverable' shipments and fake FedEx delivery notifications," warned FedEx.

"The emails are asking you to click on a link and print a receipt to take to your nearest FedEx location. FedEx does not send unsolicited emails to customers requesting information regarding packages, invoices, account numbers, passwords or personal information."

Webroot has since issued a separate warning linking the campaign to the Blackhole exploit kit. It accused the same group of cyber criminals responsible for a similar campaign targeting PayPal customers as being behind it.

"We've already seen the same IP ( and name servers used in the following previously profiled malicious campaigns, indicating that they've been launched by the same party," warned Webroot's Dancho Danch.

Symantec backed up Webroot's findings, confirming its research had come to the same conclusion.

"The Fedex spam works by tricking users into clicking an email link to a compromised domain. This then redirects users to malicious domains which host exploit kits such as Blackhole or CoolEK," Symantec security response senior manager, Orla Cox told V3.

"These then exploit known vulnerabilities which ultimately deliver the Smoaler payload. The technique used is very similar to other spam botnets such as Trojan.Pandex."

Blackhole is one of many exploit kits available on the cyber black market. It allows non-skilled criminals to mount automated cyber attacks.

The link to the Blackhole exploit is troubling. As well as basic phishing scams, the kit has been linked to more serious attacks, including an exploit that targeted a recently patched vulnerability in Oracle's Java platform.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

Tech gifts for Christmas 2014

Is a new tablet on your wish list this festive season, or have they become yesterday’s fad?

Popular Threads

Powered by Disqus
iPhone 6 is available in silver gold and space grey

iPhone 6 video review

The best iOS handset to date

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Custom Development Program Manager - 3D Imaging

Location: based in Thame, near Oxford Combine...

Technical Project Managers

Technical Project Managers Bitwise is looking for...

IT Consultant

Caiman Information Technology Services Ltd is seeking...

Director of E-Learning

Director of E-Learning Start date: As soon as possible...
To send to more than one email address, simply separate each address with a comma.