Watch out for fake Amazon Order Details email malware scam
July 10, 2014
For the past few days I have intercepted numerous email scam messages, with the subject: "Order Details" and claiming to be From: Amazon.com ([email protected]). All contain a zip file attachment with a Trojan downloader or installer.
Recipients are being targeted by malicious actors abroad who bought email lists that were harvested by professional spammers and by malware infections with email harvesting modules on people's computers. The emails do not come from Amazon.com in any way. Anything claiming to be from Amazon in these messages is totally spoofed to trick you into opening the attached file. Doing so infects your Windows computer with a dangerous Trojan virus, which different anti-virus companies identify by about 35 different names, as reported on VirusTotal at the time this article was composed.
So you can be on the lookout, here is a copy of the text used in these messages.
Subject: Order Details
From: "Amazon.com" <[email protected]>
The first line in the message body is in a light gray banner:
"National" (on left) "AmazonLocal.com" (on right)
How are you,,
Thank you for your order. We'll let you know once your item(s) have dispatched. You can view the status of your order or make changes to it by visiting Your Orders on Amazon.com.
Order Details
Order R:121317 Placed on May 28, 2014
Order details and invoice in attached file.
Need to make changes to your order? Visit our Help page for more information and video guides.
We hope to see you again soon. Amazon.com
The alleged invoice in the attached (over 100kb) file is a concealed Trojan Horse malware installer/downloader. If you open the zip file, named "report_id.zip", and execute the enclosed file, your computer will be infected.
I have created a new spam filter to detect and block these scams spoofing Amazon.com orders, for MailWasher Pro users, and added it to my published MailWasher Pro Filters. In the event you get a false positive detection and deletion from the Amazon filter, I suggest adding the exact email address used in their From field to your Friends list. I don't think you will find "delivers" to be one of the ones used by Amazon, but I've been known to be wrong before. ;-(
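The indicators described above (the "Order Details" subject, a From field claiming Amazon, and a zip attachment holding a file meant to be executed) can also be checked against a raw message with a short script. This is an added example, not the MailWasher Pro filter and not code from this blog; the executable extension list, the function names and the `delivers@example.invalid` sender in the constructed sample are assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions treated as directly executable on Windows.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")

def zip_executables(data):
    """Return names of executable-looking members inside a zip payload."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXTS)]
    except zipfile.BadZipFile:
        return ["<unreadable zip>"]  # malformed archive: treat as suspicious

def check_message(raw):
    """Return the indicators from the article that a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if str(msg["Subject"] or "").strip().lower() == "order details":
        hits.append("subject")
    if "amazon" in str(msg["From"] or "").lower():
        hits.append("claims-amazon")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip"):
            hits.append("zip-attachment")
            if zip_executables(part.get_payload(decode=True) or b""):
                hits.append("executable-in-zip")
    return hits

def is_suspect(raw):
    """Flag only when subject, Amazon claim and an executable in a zip all match."""
    return {"subject", "claims-amazon", "executable-in-zip"} <= set(check_message(raw))

def build_sample(member_name):
    """Constructed sample message: harmless text bytes stored under member_name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"constructed placeholder, not malware")
    msg = EmailMessage()
    msg["Subject"] = "Order Details"
    msg["From"] = '"Amazon.com" <delivers@example.invalid>'  # constructed address
    msg.set_content("Order details and invoice in attached file.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="report_id.zip")
    return msg.as_bytes()
```

Because the From address is spoofed, the check relies on what the message carries rather than on the sender's domain.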
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.