Since last week, some of our customers have been informing us that they are receiving spam email that appears to come from FedEx, with the subject line: FedEx Shipment Notification. The email looks like the one below:
The spam email contains a ZIP file; on extraction it yields an executable file named FedEx_Tracking_Report_Notification_ID.exe. This is a malicious file belonging to the Zbot family.
Quick Heal detects this file as Trojan.Zbot.Y.
When this file is executed, it hooks APIs used by Internet Explorer and Mozilla Firefox to steal login credentials, and it captures data when a user visits certain websites. It then sends the gathered information to remote servers. Cyber criminals may then use this information for their own malicious activities or sell it in underground markets.
We recommend that you stay away from such fraudulent emails and never execute any attachment received from an unknown sender.