Not all FedEx deliveries contain packages that users expect.

Security researchers at AppRiver have observed an uptick in spam messages that appear to be shipping notifications from FedEx, but in fact contain Fareit malware, an information stealer that targets email passwords and browser-stored passwords, as well as FTP credentials.

During AppRiver’s analysis, the malware also downloaded a copy of the ever-popular Zeus Trojan onto the infected machine.

According to Troy Gill, manager of security research, the messages appear to contain a shipping receipt for a package that the courier was unable to deliver. The attached file, while it does have .PDF in the name, is actually a file archive utilizing the open source file archiver 7zip. Inside the compressed archive, you will find an executable file (.exe) that contains the Fareit malware.

Read More From Source.

http://www.infosecurity-magazine.com/news/fedex-delivery-notices-dropping/?utm_source=twitterfeed&utm_medium=twitter

According to security firm AppRiver, this weekend was very busy for the cyber criminals.

Researchers are saying the bad guys sent out 14 million emails laced with Locky ransomware. Analyst Jonathan French figures that at least one botnet was used to send out the emails.

Locky was first seen in Feb. 2016 and when it finds a victim, encrypts the files, it then asks for .5 bitcoin which is valued at approximately $340.

AppRiver was able to monitor the activity with a global network of honeypots.

“Virus hits are tabulated on a global scale across our servers,” French explained, “we are able to pull the hit statistics for a rule we have and see the counts over time. If we know which specific rule is blocking which campaign — such as one we add for brand new malware variants — we are able to give a size to the amount of emails caught as well as a time frame.”

“The initial guess is due to the sudden drop in traffic during the 3 p.m. time frame and then a subsequent jump in virus traffic again,” French said, “it seems unlikely two botnets would be that coordinated in sending malware. Looking closer at some of the sending IP addresses between the two, we can see that many of the IPs were active during both malware pushes.”

Locky was dormant for a while and researchers are postulating the botnets may have been in need of upgrading before the push.

Source: CyberScoop

Quick tips for avoiding all scams

• If it sounds to good to be true, it probably is.
• Read carefully, scams almost always have improper grammar or spelling mistakes which you won’t normally see in a legitimate message.
• Check the email it was sent from, it will often be easy to spot that the email didn’t come from support@amazon.com for example.
• If you click a link and are taken to a page looking for personal information, turn around. No company will immediately request that information from you to get a deal.

Now we’re here, it’s finally time for the list. Lets get rolling:

5. Fake Charity Emails

There is no doubt that during the holidays we tend to give more as a society. We’re all feeling happier, and are more willing to spread the cheer during the “giving season.” Cyber criminals are always on top of their best chances to scam you out of money and may even try to do it using fake charity emails. These could come in looking to get donations out of you, and may appear to be legitimate at first. Make sure to read carefully through the emails and look for their typical mistakes (typos, poor grammar, etc.). To be extra careful, if you’re looking to donate to a charity that came from a suspicious email, open your browser and manually navigate to their website. Using this process you ensure you’re not being fooled by any fake webpages and can continue to spread holiday cheer!

4. Fake Shipping Notifications

This scam attempt is very popular at all times of the year, but even more so during the holiday season. We all tend to order more things online during the holidays which means UPS and FedEx are ramping up their deliveries to get all the packages out on time. Cyber criminals look to target this aspect by alerting you that your packages were not able to be delivered and you need to fill out forms with personal information to reschedule the delivery. As we all know, if UPS attempts to make a delivery and can’t they will leave a note on your door. You can also sign up for programs UPS and FedEx offer to monitor packages being sent to your address. This will allow you to skip over these shady emails and go right to your account to check a delivery status.

3. Black Friday or Cyber Monday Extravaganzas

We’re not the only ones who get overly excited for the steal of the year on that flat screen TV, cyber criminals look forward to Black Friday and Cyber Monday just like consumers. Cyber criminals have been preparing for this time of year and are often putting some serious dedication into their scams. In previous years entire “Black Friday Deals” websites have been created trying to lure customers into buying fake products on their fake website. These sites are showing even lower prices than normal stores are offering to try to prey on customers looking for the best deal wherever they can find it. Be sure to always purchase directly from retailers no matter what sites you see deals on.

2. Fake E-Greeting Cards

E-greeting cards are not something that really caught on as a popular trend but they’re still used as a cute way to spread some holiday cheer and happiness. They’re even sometimes sent out by businesses as a way to spread some cheer to customers and wish them a happy holidays. Because of this, criminals are out looking to take advantage of your holiday spirit and trick you into clicking their malicious links.

Sometimes these E-Greeting cards will come loaded with malware as an attachment (as a PC Matic customer this will be blocked easily), however they also may try to get you to give up personal information. This type of attack is focused on social engineering and will attempt to get you to enter personal information to win a “holiday contest”, or another silly excuse they come up with. Remember to avoid giving out personal information on the internet when possible, especially if it is solicited through a shady email or pop-up.

1. Fake Last Minute Shopping Deals

This year specifically be on the lookout for scams that could involve Wal-Mart or Amazon. They are two of the big powerhouses in retail store and online shopping, and cyber criminals see pretending to be them as an easy target. These scams could come in the form of last-minute sales or coupons that will often sound to good to be true. If you see a deal like this and want to see if it’s legitimate, go directly to Amazon.com or Walmart.com and see for yourself. If they’re emailing about a deal it will most likely be on the front page of their site.

Another way the criminals try to scam people with shopping related deals are free gift cards, that’s right FREE GIFT CARDS. They’ll often exclaim this offer in full caps to you in an email or malicious pop-up. A good rule of thumb for this one is no store is ever going to give you a free gift card for filling out a form with personal information. There are some instances where stores offer gift card deals with a purchase, these are legitimate and are often done by stores like Target.

The latest Locky distribution campaign uses emails that pretend to be complaints from the victim’s ISP, stating that spam has been sent from the victim’s computer. The emails contain a ZIP attachment that uses social engineering to trick users into opening it: the file is named logs_[target_name].zip.

The ZIP file includes a JavaScript that, when opened, downloads an encrypted DLL that is decrypted into the %Temp% folder on the infected machine. Loaded using the legitimate Windows program Rundll32.exe, the DLL will install and execute the Locky ransomware.

As soon as the installation process has been completed, the ransomware scans the computer and network shares (including the unmapped ones) for specific file types and starts encrypting them. Encrypted files are renamed and appended the .AESIR extension.

After the encryption process has been completed, the malware displays a ransom note informing the victim on what happened with their files and providing instructions on how to pay the ransom to decrypt the files.

http://www.securityweek.com/fake-isp-complaint-emails-distribute-locky-ransomware-variant