Friday, December 9, 2011

“Your Amazon Order Has Shipped” Spam Leads to Malware

Did you receive an email stating that your Amazon order for an “Omron UAZ-016D Fat Loss Monitor” has shipped? Don’t click any links within that email!

Cybercriminals are actively spamming out fraudulent Amazon order shipment emails, hoping that you’ll follow the links to malware-laden websites.

Here’s a copy of the email:
From: Monte Mcintyre [serve@iztzg(dot)hr]
Sent: Friday, December 09, 2011 6:17 AM
Subject: Your Amazon.com order of "Omron UAZ-016D Fat Loss ..." has shipped!

Hello,

Shipping Confirmation
Order # 972-8332938-9078254

Your estimated delivery date is:
Tuesday, December 13, 2011

Track your package

Thank you for shopping with us. We thought you'd like to know that we shipped this portion of your order separately to give you quicker service. You won't be charged any extra shipping fees, and the remainder of your order will follow as soon as those items become available. If you need to return an item from this shipment or manage other orders, please visit Your Orders on Amazon.com.

Shipment Details

Omron UAZ-016D Fat Loss Monitor, Black $119.95
Item Subtotal: $119.95
Shipping & Handling: $0.00
Total Before Tax: $119.95
Shipment Total: $119.95
Paid by Visa: $119.95

You have only been charged for the items sent in this shipment. Per our policy, you only pay for items when we ship them to you.

Returns are easy. Visit our .
If you need further assistance with your order, please visit Customer Service.

We hope to see you again soon!
Amazon.com

All of the links in the email lead to the same URL, which is hxxp://tecak-kovo[dot]sk/wp-content/uploads/fgallery/news.html.

Upon clicking the links, you will instantly be redirected to hxxp://certerpen.info/main.php?page=525447c096f8efbf, which is a blackhole exploit kit site that will attempt to install malware on your computer.

[Warning: The URLs I've listed above are actively delivering malware, so please do not visit them! They're only provided to help you spot future attacks.]
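The traits that give this email away (an Amazon-branded subject, a sender address at an unrelated domain, and every link pointing to the same non-Amazon URL) can be checked automatically by a mail filter. The Python below is an added example, not part of the original post; `BRAND_DOMAINS`, `check_brand_mail` and the `.example` hosts in the constructed sample are assumptions, and it handles only single-part HTML messages.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brand keyword -> domains that brand legitimately sends from and links to.
BRAND_DOMAINS = {"amazon": {"amazon.com"}}

class HrefCollector(HTMLParser):  # collects the href of every <a> element
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def in_domains(host, domains):
    # Exact match or true subdomain only, so "amazon.com.evil.example" does not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def check_brand_mail(raw):
    """Return findings for a single-part HTML message that names a brand in its subject."""
    msg = message_from_string(raw)
    subject = (msg["Subject"] or "").lower()
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in subject:
            continue
        sender_host = parseaddr(msg["From"] or "")[1].rpartition("@")[2]
        if not in_domains(sender_host, domains):
            findings.append("sender-domain-mismatch:" + sender_host)
        collector = HrefCollector()
        collector.feed(msg.get_payload())
        hosts = {urlsplit(h).hostname for h in collector.hrefs}
        findings += ["off-brand-link:" + h for h in sorted(filter(None, hosts)) if not in_domains(h, domains)]
        if len(collector.hrefs) > 1 and len(set(collector.hrefs)) == 1:
            findings.append("all-links-identical")
    return findings

# Constructed sample modelled on the email above; hosts are placeholders, not the real indicators.
SAMPLE = """From: Monte Mcintyre <serve@sender.example>
Subject: Your Amazon.com order of "Omron UAZ-016D Fat Loss ..." has shipped!
Content-Type: text/html

<a href="http://landing.example/news.html">Track your package</a>
<a href="http://landing.example/news.html">Customer Service</a>
"""
print(check_brand_mail(SAMPLE))
```

A message that trips all three checks at once, as the sample does, is a strong candidate for quarantine rather than delivery.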

According to Conrad Longmore at Dynamoo, the malware attempting to make its way onto your PC is the Cridex Trojan.

Win32/Cridex is a nasty bug known for downloading additional malware, capturing your online banking information, stealing local certificates and uploading your files to a remote server.

Thankfully, threats like these can be easily avoided with the help of up-to-date antivirus software. ESET NOD32 Antivirus will stop you from following the links, although you shouldn’t be clicking links in spam emails anyway. ;)

Cybercriminals have been sending out a variety of Amazon-themed spam as of late; some of the spam hopes to collect your account information while others attempt to deliver malware via malicious file attachments.

Make sure that you warn your family and friends about the influx of spam posing as legitimate Amazon emails and make sure you’re running antivirus on your PC!


Photo Credit: hoyasmeg
