FedEx used for continued email malware – Zombies up 70%


It’s been almost one month since we reported on the huge increase in email-borne malware attachments. The outbreaks have continued on an almost daily basis since then, and we have noted a corresponding dramatic increase of over 70% in the number of zombies.

The traffic graph below shows the continued outbreaks (orange line). As noted previously, the levels shown below have not been seen for well over one year. The outbreaks often reach levels of 20-40% of all email traffic.

Initially the attachments were “UPS package notifications”. Then the subjects changed focus to “DHL package notifications”. The zip attachment, however, remained “UPS.exe”, leading us to conclude that DHL were transporting UPS malware.

And now (the most logical step, we suppose...) the subjects have changed to FedEx package notifications. The attached “” file still extracts to “UPS.exe”. The body text is actually an image served from a variety of fast-changing domains. The body of the email also includes random text set in a 1-point font size and white color. In this example the text reads “fwa dp ud gn vbg we ayf zv ole” (yes – that’s quite random…)

dear customer the parcel was sent your home address and it will arrive within 7 business day.  more information and the tracking number are attached in the document below.  thank you
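The traits described above (image-only body loaded from a remote host, near-invisible filler text, and a zip whose executable names a different courier than the subject) can be checked mechanically. The following is an added example, not code from the original post; the sample message is constructed, and the image host, zip file name, rule names and extension list are assumptions.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BRANDS = ("ups", "dhl", "fedex")
HTML_RULES = (  # traits of the HTML body described in the post
    ("hidden-text", re.compile(r"font-size:\s*[01](pt|px)|(?<![-\w])color:\s*(#fff(fff)?|white)\b", re.I)),
    ("remote-image-body", re.compile(r"<img[^>]+src=[\"']?https?://", re.I)),
)

def build_sample(subject="FedEx package notification"):
    """Constructed message modelled on the post; host and zip name are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("UPS.exe", b"constructed placeholder, not a real binary")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("see html part")
    msg.add_alternative(
        '<img src="http://image-host.example/body.gif">'
        '<span style="font-size:1pt;color:#ffffff">fwa dp ud gn vbg we ayf zv ole</span>',
        subtype="html")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="notification.zip")  # hypothetical name
    return msg.as_bytes()

def inspect(raw):
    """Return the set of campaign traits found in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").lower()
    findings = set()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            html = part.get_content()
            findings |= {tag for tag, rx in HTML_RULES if rx.search(html)}
        elif part.get_filename("").lower().endswith(".zip"):
            try:
                names = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))).namelist()
            except zipfile.BadZipFile:  # corrupt or password-protected container
                findings.add("unreadable-zip")
                continue
            for name in names:
                stem, _, ext = name.lower().rpartition(".")
                named = [b for b in BRANDS if b in stem]  # couriers named by the file
                if ext in ("exe", "scr", "pif", "com"):
                    findings.add("executable-in-zip")
                    if named and not any(b in subject for b in named):
                        findings.add("brand-mismatch")  # e.g. FedEx subject, UPS.exe
    return findings
```

The brand check is a plain substring match, so it is a heuristic for triage rather than a verdict on its own.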


