Fake Amazon “Order Status” emails deliver malware
Posted on 04.12.2013
It comes as no surprise that as holiday shoppers begin to flood the internet looking for deals, the bad guys will be right behind them hoping to swoop in on an unsuspecting victim. Fake invoice scams are year round, but they are so much more effective during that time of year that most everyone is actually expecting packages in the mail from their online purchases.


Amazon.com has recently been pushing their 30 day free trial to their Amazon Prime services. This service, among other perks, allows Amazon shoppers to receive free two days shipping on all purchases. Offering free shipping during the shopping season must seem like a dream come true to people that prefer the peaceful trample-free option to shop from the comforts of their own homes as opposed to the chaos at the local shopping center.

This obviously looks like it was seen as a great opportunity by the cyber criminals out there too as floods of fake Amazon.com "Order Details" notifications are hitting our filters.

In possible haste a lot of these are broken. Some aren't formed properly so the intended payload attachment isn't viewable to the average recipient. Some of the attachments that made it are corrupted. However, a great deal of them are fully functional and aim to lighten that holiday wallet.

Among other things this piece of malware takes inventory of all running processes on the infected machine, steals all auto-complete passwords from Mozilla Firefox and makes attempts to download additional malware from its C&C server. At the time of writing the post, 25 out of 47 of the major AV companies recognized this threat.

Be on the look out for these and many other attempts to take advantage of the season. They are out in full force.


Author: Fred Touchette, AppRiver.





Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //