Fake Amazon “Order Status” emails deliver malware

It comes as no surprise that as holiday shoppers begin to flood the internet looking for deals, the bad guys will be right behind them, hoping to swoop in on an unsuspecting victim. Fake invoice scams run year round, but they are far more effective during the time of year when most everyone is actually expecting packages in the mail from their online purchases.

Amazon.com has recently been pushing the 30-day free trial of its Amazon Prime service. This service, among other perks, allows Amazon shoppers to receive free two-day shipping on all purchases. Offering free shipping during the shopping season must seem like a dream come true to people who prefer the peaceful, trample-free option of shopping from the comfort of their own homes over the chaos at the local shopping center.

Cyber criminals evidently saw this as a great opportunity too, as floods of fake Amazon.com “Order Details” notifications are hitting our filters.

Possibly due to haste, a lot of these are broken. Some aren’t formed properly, so the intended payload attachment isn’t viewable to the average recipient. Some of the attachments that made it through are corrupted. However, a great many of them are fully functional and aim to lighten that holiday wallet.

Among other things, this piece of malware takes inventory of all running processes on the infected machine, steals all auto-complete passwords from Mozilla Firefox, and attempts to download additional malware from its C&C server. At the time of writing this post, 25 out of 47 of the major AV companies recognized this threat.

Be on the lookout for these and many other attempts to take advantage of the season. They are out in full force.

Author: Fred Touchette, AppRiver.
