Last Updated: 2010-03-03 17:28:42 UTC
by Johannes Ullrich (Version: 1)
This particular attack appears to be a new version of similar e-mails we have seen over the last week or so. The new version uses larger e-mail messages, which appear to be composed with Microsoft Word.
The text is still pretty concise. As a sample:
-----
Dear Customer,

Your order has been sucessfully confirmed. For your reference, here's a summary of your order:

You just confirmed order #2341-23483720-38123
Status: CONFIRMED
-----
The e-mail ends with a link to a malware site, labeled "ORDER INFORMATION".
A number of different domains have been used so far.