• There are punctuation and grammar errors in the message.
• The link that you’ll see when floating the mouse over that ‘Print Label’ link doesn’t match the ‘from’ domain, and isn’t Fedex.com.
• European date format used by a US-based company.
• The logo is a bad jagged paste, and is missing the circle-R symbol for ‘registered trademark’.
• FedEx has no pickup service at their competitor, the “nearest” US Post Office.

Now, that’s already enough information to make me delete the email, but I’ll look a little deeper:

I downloaded the “label” to look–it was “Shipping_Label_US_Westminster.zip” and it held one file, “Shipping_Label_US_Westminster.exe”.

The antivirus I’m running didn’t object to either file; it probably can’t detect today’s variation yet.

I looked inside that file with an extraction program, and found a .rsrc folder, and files .text, .rdata, .data. Inside the folder there were two .ico files, basically desktop icons.

That’s enough to tell me that it appears to be a script to install software. It’s clearly not a label–that would be a PDF or a JPG image.

IMO, the most-likely payload would be a rogue/fake security program, either scare-ware or blackmail-ware. The message itself isn’t infectious, just don’t click that link.

Jerry Stern is webmaster at PC410.com and Startupware.com.

The post Careful again: FedEx Doesn’t Leave Your Package at the Post Office appeared first on Startupware.com. Visit to read more about software design, malware, and computer security.

Original article: Careful again: FedEx Doesn’t Leave Your Package at the Post Office.