Internet Security News & Views

Omniquad warns about W32/Trojan3 in Fraudulent FedEx Tracking Notification Emails

FedEx fraudulent tracking notification emails carries malware

Omniquad has intercepted a wave of fraudulant email notifications purporting to be from the FedEx courier service.

Its aprearance and contents are almost identical to the genuine email notification from FedEx, so it is difficult to recognize it as fraud unless you know what to look out for. The message contains shipment details such as shipment date, tracking number to make it appear more credible and lure the victim to open the attachment.

FedEx Tracking Notifications carries a Trojan

However, the attached ZIP file contains an .EXE file which we have detected as W32/Trojan3.DXR.


We have seen that the attackers regularly keep changing the subject filed in this latest campaign like FedEx shipment notification, FedEx tracking notification #XXXXX , FedEx email notification #XXXXX (where ‘XXXX’ is a random number).

They probably do this to try avoid email filters, but nevertheless this is not enough to fool commercial email filtering solutions such as Omniquad’s Mailwall Remote, as attachments are scanned for malware such as Trojans, along with message bodies, subject headings, etc.

How to Protect yourself

  • You should never open email attachments, click on links embedded in your email, supply personal or confidential information unless you are 100% sure that the email is legitimate.
  • Do not respond to the emails from unknown person or organization.
  • FedEx or any other similar services do not include attachments with tracking updates.

– The Omniquad Security Team

Tagged as: , , , , ,

6 Responses »

  1. God help us………. Pls can anyone even show me how these emails look like?

  2. I got one of these last week. I don’t remember if I opened the attachment or not. If i did, what should I do?

    • Hi Elisabeth, we cannot advice on any individual case. If in doubt, it is always best to err on the side of caution, update your antivirus signatures (or download a good antivirus if you dont have one installed already. There are many good consumer products out there) and run antivirus on your pc.

  3. Yes, received one … should I forward it anywhere for tracking source of e-mail?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Follow blog to be notified of new posts by email.

Recent Comments

Sunrise104 on MovieStarPlanet – Not ju…
%d bloggers like this: