A new spam mail pretending to come from FedEx is being spammed in the wild. The subject of this spam mail refers to “FedEX Notifications”.
The mail carries an attachment and asks the user to extract it, claiming that it holds a document containing the details of the delivery.
On extracting the attachment, the user gets a malicious exe file that has a PDF file icon.
If the user executes the malicious executable inside the zip attachment, it performs the following activity:
Creates the process SVCHOST.EXE and injects its code into it.
Downloads the fake tool file from the URL “http://6X.9X.116.16”.
After the download finishes, it installs the FakeAV application. Once installed, it shows a fake System Repair alert, as seen below:
Quick Heal detects the attachment and the installed FakeAV file and protects its users.
We strongly recommend that users do not open such attachments from unknown emails.
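A mail filter can catch this kind of attachment by inspecting the zip members' content instead of trusting the icon or the file name. The following is an added example, not Quick Heal's detection logic; the function names, the extension list and the sample archives (including the file name FedEx_Invoice.pdf.exe) are constructed for illustration.

```python
import io
import zipfile

# Extensions Windows runs directly (assumed list for this example).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com")


def find_executables_in_zip(zip_bytes):
    """Return [(member_name, reason)] for zip members that look executable."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [("<archive>", "not a readable ZIP")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:
                # Password-protected members cannot be inspected; report them.
                findings.append((info.filename, "encrypted member"))
                continue
            with archive.open(info) as member:
                header = member.read(2)
            # Trailing dots/spaces are ignored by Windows, so strip them.
            name = info.filename.lower().rstrip(". ")
            if header == b"MZ":
                # DOS/PE magic: an executable whatever its name or icon says.
                findings.append((info.filename, "PE header (MZ)"))
            elif name.endswith(EXECUTABLE_EXTS):
                findings.append((info.filename, "executable extension"))
    return findings


def build_sample_zip(members):
    """Build an in-memory zip from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: a stub with a PE magic value, and a harmless PDF header.
SUSPICIOUS = build_sample_zip({"FedEx_Invoice.pdf.exe": b"MZ\x90\x00" + b"\x00" * 60})
RENAMED = build_sample_zip({"FedEx_Invoice.pdf": b"MZ\x90\x00" + b"\x00" * 60})
BENIGN = build_sample_zip({"receipt.pdf": b"%PDF-1.4\n%constructed sample\n"})

if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS), ("renamed", RENAMED), ("benign", BENIGN)):
        print(label, find_executables_in_zip(sample))
```
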