Confirmation from FedEx Email – word doc malware

An email about Walmart.com Returns with the subject of Confirmation from FedEx Email/Online Label pretending to come from FedEx Email/Online Label NoReply <no-reply@packagetrackr.com> with a malicious word doc is another one from the current bot runs which try to download various Trojans and password stealers especially banking credential.  They are using email addresses and subjects that will entice a user to read the email and open the attachment.

The email looks like:

fedx
These malicious attachments normally have a password stealing component, with the aim of stealing your bank, PayPal or other financial details along with your email or FTP ( web space) log in credentials. Many of them are also designed to specifically steal your Facebook and other social network log in details.

This email has what appears to be a genuine word doc or Excel XLS spreadsheet attached which contains a macro script virus. Modern versions of Microsoft office, that is Office 2010 and 2013 and Office 365 have Macros disabled by default, UNLESS you or your company have enabled them.

fed1 


fed2