Press Panda Security

Computer Worm Hides Among Christmas Gifts, Warns PandaLabs

  • Fake FedEx delivery message contains Kuluoz worm and bogus antivirus program
  • Fraudsters leverage shopping seasons like Christmas to increase their profits

PandaLabs, Panda Security’s anti-malware laboratory, has detected a new scam campaign that may compromise user security. This new email scam, which has been perfectly timed to coincide with the beginning of the Christmas shopping season, involves a fake FedEx delivery message aimed at tricking users into downloading the Kuluoz.A computer worm and a fake antivirus program called “System Progressive Protection”.

“With the start of the Christmas season, many consumers go searching for gifts for their loved ones, often on the Internet. Unfortunately for users, cyber-criminals know this and leverage this time of the year to spread malicious emails aimed at tricking users and stealing their money,” said Luis Corrons, technical director of PandaLabs.

The spam message purports to come from FedEx, and reads as follows:

The message contains a link to download a ‘receipt’ for the user to collect the package that has supposedly been delivered to them. However, if the user clicks the link, they are taken to a Web page which downloads a .zip file named “Postal Receipt”. This file contains an executable file with a Word icon that downloads a variant of the Kuluoz.A worm, which in turn tries to connect to a remote server in order to receive commands from attackers and perform several malicious actions on the affected computer, including running files.

Once run, the worm opens the notepad, displaying a blank page to make users believe they are running a legitimate file. In addition, it downloads a fake antivirus program called “System Progressive Protection”, which simulates a computer scan. The scan reports a number of infections, and prompts the user to buy the antivirus to remove them. However, this is just a scam aimed at stealing victims’ money as none of the reported infections are real and the ‘antivirus software’ is fake.

“Once again, cyber-crooks are using social engineering techniques to spread malware,” explained Corrons. “It doesn’t matter if you haven’t bought a thing or are waiting for no parcel to be delivered to you, users are curious by nature and keep falling into this type of trap.  Holiday seasons like Christmas usually bring an increase in online shopping and present criminals with the opportunity to target a larger than usual number of victims.”

PandaLabs offers a series of tips to avoid falling victim to computer threats: Do not click any links included in email messages, do not run attached files that come from unknown sources, and have an effective security solution installed, capable of detecting both known and new malware strains.

Finally, Panda Security offers users its cloud-based antivirus solution Panda Cloud Antivirus, available for free at

You might also like

Virus Yearbook 2012
Once again PandaLabs, the antimalware laboratory of Panda Security –The Cloud Security Company-, has...
First Valentine’s Day malware attacks
- Waledac.C is a worm that spreads by email in fake Valentine’s Day e-greeting cards   This...
Obama, Racism, Twitter and Facebook, an Explosive Combination to Spread New Malware, According to PandaLabs
-           Users receive a Twitter direct message with a link to a supposed video of U.S....
It’s Christmas time at Facebook, reports PandaLabs
- A new variant of a well-known virus uses Christmas to spread via Facebook - Christmas is...


    December 5, 2012 at 11:27 am Permalink

    Can’t believe anyone would even open an email like that if they hadn’t ordered anything anyway.

    December 7, 2012 at 3:01 am Permalink

    How terrible. Thanks for the info on this worm


    [...] avez un message : Mais il n’est pas de Meg Ryan ou de Tom Hanks… Il s’agit de Kuluoz, un ver qui signale de prétendus achats sur Internet pour infecter les ordinateurs. Le ver se [...]


    [...] Δεν είναι ούτε από τη Meg Ryan ούτε από τον Tom Hanks, είναι το Kuluoz, ένα worm που αναφέρεται σε πράγματα που υποτίθεται ότι [...]

Leave a Reply

(will not be published) (required)