  1. #1
    Linux Newbie user-f11's Avatar
    Join Date
    Feb 2011
    Location
    Sofia, BG
    Posts
    185

    'Federal Express' Malware


    Can anybody tell me what this 'Federal Express' Malware is doing (or is anticipated to do)?
    I have it in a .PDF file (22 pages of program code, embedded in HTML) which is a 1:1 copy of an .HTML file that I received attached to an e-mail.
    The name of the File is:
    File Server & Print Server with Cups.PDF

    The Win virus scanner on the .PDF form reports:
    Status - Nothing detected Actions taken - None

    Unfortunately I could not publish it here for it is 181.5 kB (too large to be published as attachment).

  2. #2
    Administrator jayd512's Avatar
    Join Date
    Feb 2008
    Location
    Kentucky
    Posts
    5,023
    I can't find the page where I read this from, but I believe that it is intended to be an info stealing bug.
    Similar to a key-logger, so that the creators of it can collect passwords, credit card numbers, etc.

    *EDIT*

    BTW... any email from Fed-Ex that has an attachment is bad. They don't use attachments on their notification emails.
    Last edited by jayd512; 06-19-2011 at 12:30 AM. Reason: Extra info
    Jay

    New users, read this first.
    New Member FAQ
    Registered Linux User #463940
    I do not respond to private messages asking for Linux help. Please keep it on the public boards.

  3. #3
    Linux Newbie user-f11's Avatar
    Join Date
    Feb 2011
    Location
    Sofia, BG
    Posts
    185

    RE: 'BTW... any email from Fed-Ex that has an attachment is bad.'

    This e-mail has nothing to do with Fed-Ex. This is an e-robot and as far as I can see it has 11 pages of JavaScript Header with nested IF statements and maybe PHP code nested in the JavaScript.
    Later on, in the HTML part it has 'harvested' e-mails in a List and sends itself automatically 'in compliance with' the hijacked List.
    I am awfully sorry that I cannot show you the .PDF original (it is too large to be published here), and I don't dare to take excerpt-transcripts of the JavaScript code and publish them as text.
