Security experts over at PandaLabs (of Panda Security) have come across a phishing email posing as an order confirmation email from CULT, a clothing retailer based in the UK.
The email appears to be carefully crafted by the cybercrooks behind it too. There are no obvious grammar or spelling errors, the sender's address is a spoofed cult.co.uk email, and they build credibility with the consistent use of a fake confirmation number and details for a legitimate product sold by CULT within the order details.
The only thing that may give it away is the order date, which is listed as "02/11/2007."
Here's the email:
Image Credit: PandaLabs
From: Cult.co.uk [firstname.lastname@example.org]
Subject: CULT Order Confirmation (CULT78318)
Thank you for shopping with CULT. Please look over the details below to ensure your order is correct.
If you have any queries with your order please contact us.
Please allow 3-5 days for delivery.
Payment Type: Credit/Debit Card
The order can be viewed by visiting:
Your Order Number is CULT78318 0/2/11/2007
What you bought… Qty GBP Price each Sub
Superdry 1 174.99 GBP 174.99
Superdry vintage distressed leather Brad jacket made from super-soft full grain leather with six pocket design, embroidered motif on shoulder and layered collar detail. As worn by David Beckham.
Item Code: BU0105010040
Total + Delivery: 190.90
Unfortunately, targets of this phishing email are in for a rather unpleasant surprise if they decide to click the link to "view the order details" and download a malicious EXE file masquerading as a harmless PDF file. Inside that executable hides a nasty Trojan with bot capabilities, dubbed “Ainslot.L” by PandaLabs.
Once Ainslot.L makes its way onto your computer, it will create or modify registry keys to make sure it runs on startup and bypasses the system firewall, seek out and remove any other data-stealing Trojans that may be hiding on the system, and then use its own keylogging capabilities to steal account logins, whether for your bank account or a social networking profile, and relay that data to the cybercriminals behind it.
Sounds like fun, right?
To avoid having their PC infected with the Ainslot.L Trojan, users should:
- Avoid following links within unsolicited emails, even if they appear to be legitimate.
- Avoid downloading any files from untrusted sources.
- Always run antivirus software on their PC and make sure the virus definitions are current.
- Make sure their email client is protected by a comprehensive spam and malware filtering solution.
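As an added example (not from PandaLabs or the original post), here is a defender-side check for the lure described above: a download that presents itself as a PDF but is really a Windows executable. The extension lists, file names and byte strings are constructed assumptions, since the post does not say how the file was disguised.

```python
import os
import tempfile

# Assumed lists: extensions a user reads as "a document" vs. ones Windows will execute.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}
RTLO = "\u202e"  # right-to-left override, can visually reverse the end of a file name

# Constructed inputs: a minimal DOS/PE header stub and a PDF header, not real files.
FAKE_PE = b"MZ" + b"\x00" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\x00\x00"
FAKE_PDF = b"%PDF-1.4\n%%EOF\n"

def sniff(data: bytes) -> str:
    """Classify content by magic bytes: 'pe', 'pdf' or 'unknown'."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # e_lfanew (offset 0x3C) holds the file offset of the 'PE\0\0' signature.
        off = int.from_bytes(data[0x3C:0x40], "little")
        if data[off:off + 4] == b"PE\x00\x00":
            return "pe"
    if b"%PDF-" in data[:1024]:
        return "pdf"
    return "unknown"

def check_download(path: str) -> list:
    """Return the reasons a file looks like an executable posing as a document."""
    with open(path, "rb") as fh:
        kind = sniff(fh.read(4096))
    name = os.path.basename(path).lower()
    stem, ext = os.path.splitext(name)
    inner_ext = os.path.splitext(stem)[1]
    reasons = []
    if kind == "pe" and ext in DOCUMENT_EXTS:
        reasons.append("PE content behind a document extension")
    if ext in EXECUTABLE_EXTS and inner_ext in DOCUMENT_EXTS:
        reasons.append("double extension hides an executable")
    if RTLO in name:
        reasons.append("right-to-left override character in file name")
    return reasons

def demo() -> dict:
    """Run the check over three constructed downloads in a temporary directory."""
    samples = {"order_details.pdf": FAKE_PE, "order_details.pdf.exe": FAKE_PE,
               "receipt.pdf": FAKE_PDF}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(content)
            results[name] = check_download(path)
    return results
```
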
Stay safe, folks!