Monday, December 3, 2012

FedEx Spam Delivers Zortob.B Trojan at Your Virtual Doorstep

There’s a fresh batch of FedEx spam going out, loaded with a malicious link that will attempt to drop malware posing as a postal receipt onto your computer.

The email may carry the FedEx logo and a fairly clean layout; however, the subject line & sender details should serve as a red flag that something is amiss. Here’s the email:


Subject: Tracking Detail (170)10-170-170-6365-6365
From: Priority Shipping Service (user.p[at]


Order:  HD-5468-483254683
Order Date: Tuesday, 26 November 2012, 10:17 AM

Dear Customer,

Your parcel has arrived at the post office at November 28. Our postrider was unable to deliver the parcel to you.

To receive a parcel, please, go to the nearest our office and show this postal receipt.


Best Regards, The FedEx Team.

The hyperlink included in the email doesn’t point to, but a third-party site that will automatically download the file, onto your computer.

To no surprise, doesn’t contain your postal receipt, but malware identified by ESET Endpoint Antivirus as Win32/TrojanDownloader.Zortob.B (which I refer to simply as “Zortob.B”).

Zortob.B (aka Win32/Kuluoz!zip to Microsoft) is often attached to fraudulent delivery notices like the one shown above and, should it successfully infect your machine, will attempt to steal login credentials & files from your computer.
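The two red flags described above (a sender outside FedEx's domain and a hyperlink that leads to a third-party site) can be checked mechanically at a mail gateway or during triage. The following is an added example, not code from the original post; the sample message, its `.example` hosts, and the choice to treat only `fedex.com` as legitimate are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "fedex"
BRAND_DOMAINS = {"fedex.com"}  # assumption: the only domain accepted as genuine

# Constructed sample modelled on the notice above (hosts are placeholders).
SAMPLE = """\
From: Priority Shipping Service <user.p@mail.example>
Subject: Tracking Detail
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer, your parcel has arrived.</p>
<a href="http://third-party.example/receipt">Print postal receipt</a>
<a href="https://www.fedex.com/tracking">Track your parcel</a>
<p>Best Regards, The FedEx Team.</p></body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def in_brand_domain(host):
    # Exact match or true subdomain only, so "fedex.com.evil.example" fails.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def check_message(raw):
    """Return (kind, host) findings for mail that claims the brand."""
    msg = message_from_string(raw)
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    body = "\n".join(p.get_payload(decode=True).decode(
        p.get_content_charset() or "utf-8", "replace") for p in parts)
    if BRAND not in (body + msg.get("From", "")).lower():
        return []  # message does not claim to be from the brand
    findings = []
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not in_brand_domain(sender_host):
        findings.append(("sender", sender_host))
    collector = LinkCollector()
    collector.feed(body)
    findings += [("link", h) for h in
                 (urlsplit(u).hostname for u in collector.links)
                 if not in_brand_domain(h)]
    return findings
```
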

Protect Your PC from the Zortob.B Trojan

Since Zortob.B is often delivered via malicious spam, it is strongly recommended that you:

  • Avoid downloading files or clicking links attached to unsolicited emails.

  • Always run antivirus software that offers real-time scanning.

  • Use your computer under a user account with limited privileges.

  • Keep your operating system and installed software fully patched & up-to-date.

Removing a Zortob.B Infection

If you suspect that your system may have been infected with the Zortob.B Trojan, it is recommended that you run a full system scan with an up-to-date antivirus solution. We recommend using antivirus products offered by one of the following vendors as they are known to be capable of detecting this threat:
