{"id":72506,"date":"2011-08-17T07:10:30","date_gmt":"2011-08-17T07:10:30","guid":{"rendered":"https:\/\/localhost\/wordpress\/?p=72506"},"modified":"2011-08-17T07:10:30","modified_gmt":"2011-08-17T07:10:30","slug":"fedex-spam-mail-leads-to-install-fake-av","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/fedex-spam-mail-leads-to-install-fake-av\/","title":{"rendered":"FedEx Spam Mail Leads Users To Install Fake AV"},"content":{"rendered":"<p>A new spam email pretending to have arrived from FedEx has been discovered in the wild. This spam mail includes a subject line like &#8220;FedEX Notifications&#8221;.<br \/>\nThe mail also carries an attachment which contains details about a supposed delivery. The mail asks the user to extract this attachment.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/fedex-fraudmai11WinCE.PNG\" alt=\"\" width=\"240\" height=\"234\" \/><\/p>\n<p>Upon extraction of the attachment, the user gets a malicious .exe file which has a PDF file icon.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/fedex-fraudiconWinCE.PNG\" alt=\"\" width=\"240\" height=\"209\" \/><\/p>\n<p>If the user executes this malicious executable inside the zip attachment, it performs the following actions:<br \/>\n&#8211; Creates the process SVCHOST.EXE and injects its code into it.<br \/>\n&#8211; Downloads the fake tool file from the URL &#8220;https:\/\/6X.9X.116.16&#8221;.<\/p>\n<p>After the download is completed, it installs the <strong>FakeAV<\/strong> application. 
Once installed, it will show a &#8216;Fake System Repair Alert&#8217; as seen below:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/fedex-fraudscanWinCE.PNG\" alt=\"\" width=\"240\" height=\"144\" \/><\/p>\n<p><a href=\"https:\/\/www.quickheal.com\/\">Quick Heal<\/a> detects the attachment and the installed FakeAV file and protects its users.<br \/>\nWe strongly recommend that users do not open such attachments from unknown emails.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new spam email pretending to have arrived from FedEx has been discovered in the wild. This spam mail includes a subject line like &#8220;FedEX Notifications&#8221;. The mail also carries an attachment which contains details about a supposed delivery. The mail asks the user to extract this attachment. Upon extraction of the attachment, the user [&hellip;]<\/p>\n","protected":false},"author":22,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21,24],"tags":[22,68,23],"class_list":["post-72506","post","type-post","status-publish","format-standard","hentry","category-email","category-malware","tag-email-malware","tag-fedex","tag-fraudulent-email"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72506"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/22"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=72506"}],"version-history":[{"count":0,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72506\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=72506"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=72506"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=72506"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}