Reports about large number of fake Amazon order confirmations
A couple of readers wrote about a flood of fake Amazon.com order confirmations they are receiving. The e-mail claims to originate from Amazon.com, and attempts to trick the user into clicking on a link which will then lead to obfuscated JavaScript and malware.
This particular attack appears to be a new version of similar e-mails we have seen over the last week or so. The new version uses larger e-mail messages, which appear to be composed with Microsoft Word.
The text is still pretty concise. As a sample:
-----
Dear Customer,
Your order has been sucessfully confirmed.
For your reference, here's a summary of your order:
You just confirmed order #2341-23483720-38123
Status: CONFIRMED
-----
At the end of the e-mail follows a link to a malware site, labeled "ORDER INFORMATION".
A number of different domains have been used so far.
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Comments
Analyst
Mar 3rd 2010
1 decade ago
A few with malware ZIP attachments have the subject "Shipping update for your Amazon.com order 254-71546325-658732".
A separate phishing run has the subject "Update your Amazon.com account information." and lots of Yahoo shortcut JavaScript junk in the message content.
Amy
Mar 3rd 2010
1 decade ago
Subject: Shipping update for your Amazon.com order 254-71546325-658732
Body: Shipping update for your Amazon.com order 254-78546325-658742
Please check the attachment and confirm your shipping details.
Attachment: Shipping documents.zip
Barracuda Spam Firewall detects this as Trojan.VB.8768
Others are being blocked by intent/reputation.
phishphreek
Mar 3rd 2010
1 decade ago
I am seeing zero of the spam which Johannes is describing, but perhaps that is because my MTA is very effective at keeping out zombies.
joeblow
Mar 4th 2010
1 decade ago
http://www.threatexpert.com/report.aspx?md5=bc1895e5a455fe39b2109dfc94fb9ab9