Omniquad Warns:
W32/Trojan3 in Fraudulent FedEx Tracking Notification Emails

News from Omniquad | August 10, 2012

FedEx fraudulent tracking notification emails carries malware.

Omniquad has intercepted a wave of fraudulant email notifications purporting to be from the FedEx courier service.

Its aprearance and contents are almost identical to the genuine email notification from FedEx, so it is difficult to recognize it as fraud unless you know what to look out for. The message contains shipment details such as shipment date, tracking number to make it appear more credible and lure the victim to open the attachment.

FedEx tracking Notification

However, the attached ZIP file contains an .EXE file which we have detected as W32/Trojan3.DXR.


We have seen that the attackers regularly keep changing the subject filed in this latest campaign like FedEx shipment notification, FedEx tracking notification #XXXXX , FedEx email notification #XXXXX (where ‘XXXX’ is a random number).

They probably do this to try avoid email filters, but nevertheless this is not enough to fool commercial email filtering solutions such as Omniquad’s Mailwall Remote, as attachments are scanned for malware such as Trojans, along with message bodies, subject headings, etc.

How to Protect your self

  • You should never open email attachments, click on links embedded in your email, supply personal or confidential information unless you are 100% sure that the email is legitimate,
  • Do not respond to the emails from unknown person or organization,
  • FedEx or any other similar services do not include attachments with tracking updates.