Reports about large number of fake Amazon order confirmations
A couple of readers wrote about a flood of fake Amazon.com order confirmations they are receiving. The e-mail claims to originate from Amazon.com, and attempts to trick the user into clicking on a link which will then lead to obfuscated JavaScript and malware.
This particular attack appears to be a new version of similar e-mails we have seen over the last week or so. The new version uses larger e-mail messages, which appear to be composed with Microsoft Word.
The text is still pretty concise. As a sample:
----- Dear Customer, Your order has been sucessfully confirmed. For your reference, here's a summary of your order: You just confirmed order #2341-23483720-38123 Status: CONFIRMED -----
At the end of the e-mail follows a link to a malware site, labeled "ORDER INFORMATION".
A number of different domains have been seen used so far.
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
×
Diary Archives