Select Page

Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

FedEx used for continued email malware – Zombies up 70%

It’s been almost one month since we reported about the huge increase of email-borne malware attachments. The outbreaks have continued on an almost daily basis since then and we have noted a corresponding dramatic increase of over 70% in the number of zombies.

The traffic graph below shows the continued outbreaks (orange line). As noted previously the levels shown below have not been seen for well over one year. The outbreaks often reach levels of 20-40% of all email traffic.

Initially the attachments were “UPS package notifications”. Then the subjects changed focus to “DHL package notifications”. The zip attachment however, remained “UPS.exe” leading us to conclude that DHL were transporting UPS malware.

And now (the most logical step we suppose..) the subjects have changed to FedEx package notifications. The attached “” file still extracts to “UPS.exe”. The body text is actually an image served from a variety of fast changing domains. The body of the email includes random text with a 1-point font size and white color. In this example the text reads “fwa dp ud gn vbg we ayf zv ole” (yes – that’s quite random…)

dear customer the parcel was sent your home address and it will arrive within 7 business day.  more information and the tracking number are attached in the document below.  thank you

You might also like

Phishing with QR codes

Don’t Scan or be Scammed By Maharlito Aquino, Kervin Alintanahin and Dexter To In 1994, a type of the matrix barcode known as the Quick Response code, now widely known as QR code, was invented by Masahiro Hara from a Japanese company Denso Wave. The purpose of the...