Amazon.com has recently been pushing their 30 day free trial to their Amazon Prime services. This service, among other perks, allows Amazon shoppers to receive free two days shipping on all purchases. Offering free shipping during the shopping season must seem like a dream come true to people that prefer the peaceful trample-free option to shop from the comforts of their own homes as opposed to the chaos at the local shopping center.
This obviously looks like it was seen as a great opportunity by the cyber criminals out there too as floods of fake Amazon.com "Order Details" notifications are hitting our filters.
In possible haste a lot of these are broken. Some aren't formed properly so the intended payload attachment isn't viewable to the average recipient. Some of the attachments that made it are corrupted. However, a great deal of them are fully functional and aim to lighten that holiday wallet.
Among other things this piece of malware takes inventory of all running processes on the infected machine, steals all auto-complete passwords from Mozilla Firefox and makes attempts to download additional malware from its C&C server. At the time of writing the post, 25 out of 47 of the major AV companies recognized this threat.
Be on the look out for these and many other attempts to take advantage of the season. They are out in full force.
Author: Fred Touchette, AppRiver.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.