• Fake FedEx delivery message contains Kuluoz worm and bogus antivirus program
• Fraudsters leverage shopping seasons like Christmas to increase their profits

PandaLabs, Panda Security’s anti-malware laboratory, has detected a new scam campaign that may compromise user security. This new email scam, which has been perfectly timed to coincide with the beginning of the Christmas shopping season, involves a fake FedEx delivery message aimed at tricking users into downloading the Kuluoz.A computer worm and a fake antivirus program called “System Progressive Protection”.

“With the start of the Christmas season, many consumers go searching for gifts for their loved ones, often on the Internet. Unfortunately for users, cyber-criminals know this and leverage this time of the year to spread malicious emails aimed at tricking users and stealing their money,” said Luis Corrons, technical director of PandaLabs.

The spam message purports to come from FedEx, and reads as follows:

The message contains a link to download a ‘receipt’ for the user to collect the package that has supposedly been delivered to them. However, if the user clicks the link, they are taken to a Web page which downloads a .zip file named “Postal Receipt”. This file contains an executable file with a Word icon that downloads a variant of the Kuluoz.A worm, which in turn tries to connect to a remote server in order to receive commands from attackers and perform several malicious actions on the affected computer, including running files.
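A defender-side check for the delivery chain described above, added here as an illustration and not taken from PandaLabs: because the Word icon says nothing about the file type, the scan classifies each archive member by its content (the `MZ`/`PE` headers) instead of by its name or appearance. The member names and the header stub in `build_sample` are constructed for the example.

```python
import io
import os
import struct
import zipfile

EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}

def looks_like_pe(data: bytes) -> bool:
    """True if data has the DOS 'MZ' magic and a 'PE\\0\\0' signature at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def scan_zip(zip_bytes: bytes, max_read: int = 4096):
    """Return (member name, reason) for every member that is a Windows executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            try:
                with zf.open(info) as fh:
                    head = fh.read(max_read)  # headers only, never the whole file
            except RuntimeError:
                # zipfile raises RuntimeError for password-protected members
                findings.append((info.filename, "encrypted member, cannot inspect"))
                continue
            ext = os.path.splitext(info.filename)[1].lower()
            if looks_like_pe(head):
                reason = ("PE content" if ext in EXEC_EXTS
                          else "PE content behind non-executable name")
                findings.append((info.filename, reason))
            elif ext in EXEC_EXTS:
                findings.append((info.filename, "executable extension"))
    return findings

def build_sample() -> bytes:
    """Constructed archive: header-only stubs, not runnable programs."""
    stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Postal Receipt.exe", stub)   # assumed member name
        zf.writestr("Postal Receipt.doc", stub)   # hypothetical renamed variant
        zf.writestr("readme.txt", "plain text")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in scan_zip(build_sample()):
        print(f"{name}: {reason}")
```

A mail gateway or download proxy can apply the same content-based test before the archive reaches the user, since a "receipt" has no reason to contain an executable.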

Once run, the worm opens Notepad, displaying a blank page to make users believe they are running a legitimate file. In addition, it downloads a fake antivirus program called “System Progressive Protection”, which simulates a computer scan. The scan reports a number of infections and prompts the user to buy the antivirus to remove them. However, this is just a scam aimed at stealing victims’ money, as none of the reported infections are real and the ‘antivirus software’ is fake.

“Once again, cyber-crooks are using social engineering techniques to spread malware,” explained Corrons. “It doesn’t matter if you haven’t bought a thing or are waiting for no parcel to be delivered to you, users are curious by nature and keep falling into this type of trap. Holiday seasons like Christmas usually bring an increase in online shopping and present criminals with the opportunity to target a larger than usual number of victims.”

PandaLabs offers a series of tips to avoid falling victim to computer threats: do not click any links included in email messages, do not run attached files that come from unknown sources, and have an effective security solution installed, capable of detecting both known and new malware strains.

Finally, Panda Security offers users its cloud-based antivirus solution Panda Cloud Antivirus, available for free at www.cloudantivirus.com.