{"id":72404,"date":"2011-10-31T13:11:10","date_gmt":"2011-10-31T13:11:10","guid":{"rendered":"https:\/\/localhost\/wordpress\/?p=72404"},"modified":"2011-10-31T13:11:10","modified_gmt":"2011-10-31T13:11:10","slug":"fedex-scam-spreading-rogueware","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/fedex-scam-spreading-rogueware\/","title":{"rendered":"FedEx Scam spreading Rogueware"},"content":{"rendered":"<div><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/images1.serendipityThumb.jpeg\" alt=\"\" width=\"110\" height=\"33\" \/><\/div>\n<div><\/div>\n<div>Today we received a mail which pretends to have come from FedEx and it looks as shown below.<\/div>\n<div>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/46.JPG\" alt=\"\" width=\"631\" height=\"259\" \/><\/p>\n<p>As seen from the image, the attachment is actually a UPX packed executable file which looks like an invoice document.<\/p>\n<p>After execution of the binary, it dropped a copy of itself and also created a registry key as shown below.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/9.jpg\" alt=\"\" width=\"671\" height=\"222\" \/><\/p>\n<p>The file and registry key names are created as if they are genuine.<\/p>\n<p>In addition we also noticed that it tried connecting to several suspicious links.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/48.JPG\" alt=\"\" width=\"594\" height=\"70\" \/><\/p>\n<p>Finally, a rogueware named <strong>System Restore<\/strong> got installed.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/47.JPG\" alt=\"\" width=\"592\" height=\"385\" \/><\/p>\n<p>We suggest that all users ignore such emails and do not respond to them.<\/p>\n<p>If you are infected with such rogueware, we recommend that you scan your system using the tool below.<br \/>\n<a href=\"https:\/\/bitcast-maa1.bitgravity.com\/quickheal\/tools\/remfakealert.zip\">Remove System Restore Rogueware<\/a><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Today we received a mail which pretends to have come from FedEx and it looks as shown below. As seen from the image, the attachment is actually a UPX packed executable file which looks like an invoice document. After execution of the binary, it dropped a copy of itself and also created a registry key [&hellip;]<\/p>\n","protected":false},"author":26,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21,24],"tags":[22,68,23,26],"class_list":["post-72404","post","type-post","status-publish","format-standard","hentry","category-email","category-malware","tag-email-malware","tag-fedex","tag-fraudulent-email","tag-rogueware"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72404"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/26"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=72404"}],"version-history":[{"count":0,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72404\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=72404"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=72404"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=72404"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}