Bangkok--11 Feb--Oasis Media
Symantec Security Response has observed that fake FedEx emails have been circulating. In the emails, users are asked to click on a link to print out a receipt in order to retrieve their parcel in person from the nearest FedEx office. For unsuspecting users who click on the link, they will be greeted by a PostalReceipt.zip file containing malicious PostalReceipt.exe executable file. Instead of receiving a parcel, a malware Trojan.Smoaler is delivered to their computer.
All the fake FedEx emails delivering this malware are almost identical except for the order numbers and the website the zip file is hosted on. One sign of laziness or perhaps an oversight on the part of the malware author, is the use of the same Order Date. The author does change the domain where Trojan.Smoaler is hosted daily.
FedEx has posted a warning on its website along with further information about online security. As always, Symantec recommends users to keep their antivirus up to date and avoid clicking on links in emails received from unknown senders. If a suspicious email originates from an organization that you do not have any personal business dealings with, it should be assumed that these emails are potentially malicious and should not be opened.