Thursday, June 14, 2012

Phony Amazon Order Confirmation Emails Help Spread Malware

AmazonOnce again, cybercriminals are attempting to use the insane popularity of Amazon to trick users into following questionable email links.

Only, the latest variant of Amazon spam doesn’t just direct users to a pharmaceutical website like the bogus cancellation notices did.

No, instead the fake Amazon order confirmation messages will lead you straight to a malicious site that will attempt to install malware on your computer.

The Bait: Bogus Amazon Order Confirmation Email


Characteristics of the spam messages spotted in the wild:Fake Amazon Confirmation Email

  • The sender's name is “Amazon.com.”

  • Subject lines used:  “Your Amazon.com Kindle e-book order confirmation” or “Your Amazon.com order confirmation.”

  • The billing address, price and ordered item appear to be randomly generated.

  • All of the embedded links point to third-party websites (compromised WordPress sites) and NOT Amazon.com.


The Attack: Courtesy of BlackHole Exploit Kit


Should you make the mistake of clicking on a link within a fraudulent Amazon order confirmation email, you will see a blank page reading:
“Amazon.com Order confirmation

Loading your book

Order ID: Loading…

Print Date/Time [timestamp]”

Meanwhile, the Blackhole exploit kit will work silently in the background, attempting to exploit vulnerabilities within the Microsoft Windows Help & Support Center, Adobe Flash Player, Adobe Reader and Adobe Acrobat to drop malware identified as TROJ_CRYPTOR.TH (TrendMicro) & Win32/AutoRun.Spy.Banker.P (NOD32) on your system.

Keeping Your PC Safe


To avoid falling for this attack, it is recommended that you:

  • Keep your computer’s operating system and software fully patched with the latest updates.

  • Always run antivirus software that offers real-time scanning and keep it up-to-date.

  • Avoid clicking links within emails; type the URL of the website you want to visit directly into your browser address bar.


What to do with Amazon Spam


If you received this email or one similar to it:

[via Webroot & GFI Labs]

Email Screenshot Credit: Webroot

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

No comments:

Post a Comment