Does Symantec Endpoint Protection Small Business Edition detect the below?
Received 2 emails:
From: FedEx Service [mailto:exact.delivery@fedex.com]
Sent: Wednesday, February 01, 2012 3:38 AM
To:
Subject: Delivery Error No4868
FedEx notice,
Your package has been returned to the FedEx office.
The reason of the return is - Error in the delivery address.
Please print out the invoice copy attached and collect the package at our office.
FedEx Global.
AND
From: FedEx [mailto:your.support@fedex.com]
Sent: Wednesday, February 01, 2012 3:38 AM
To:
Subject: You need to get a parcel number %%N:3%%
Post notification,
Your package has been returned to the FedEx office.
The reason of the return is - Incorrect delivery address of the package.
Please print out the invoice copy attached and collect the package at our office.
FedEx Express Services.
Found the following online:
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “FedEx, Shipment Notification”.
The email is sent from the spoofed address “FedEx <no-reply@fedex.com>” and has the following body:
The attached ZIP file has the name FedEx-Shipment-Notification_GX3553U8-Jan2012.zip and contains the 200 kB large file FedEx-Shipment-Notification.exe.
The trojan is known as W32/Trojan3.DEC (F-Prot), Trojan-Spy:W32/Zbot.AVRN (F-Secure), Trojan-Dropper.Win32.Injector.clrk (Kaspersky), Trojan.Zbot (Sophos).
At the time of writing, only 11 of the 43 AV engines did detect the trojan at Virus Total.
Virus Total permalink and SHA256: 28aba7221fe47882164fa45d9d63c58110b96b94d9b2291b692afaa7406c2e46.