Outbreak! Fake Amazon UK emails spammed out, delivering malware


Beware! A spate of malicious emails has been spammed out by online criminals, disguised as legitimate communications from the UK branch of online retail giant Amazon.

In a widespread attack, email messages have been distributed that are designed to trick computer users into opening an attachment disguised as information about an order for an unnamed item.

Here's part of a typical message seen by the experts at SophosLabs:

[Image: Amazon malware]

From the looks of things, the body of the emails - which have a subject line of "Your Order with Amazon.co.uk" - is harmless.

Any links contained inside the email do indeed go to the legitimate Amazon UK website, rather than a webpage hosting malware, and there are no attempts to phish for information.

The danger arrives in the file attached to the emails. The emails carry an attached file called "Your Order Details with Amazon.zip" which contains a Trojan horse.

It's understandable that some computer users would be fooled into opening the attachment, as they might be wondering what on earth they have ordered from Amazon.

It should go without saying that Amazon UK is a completely innocent party. They didn't send out the emails (despite what the forged "from" address used in the attack might suggest), and are having their brand tarnished by the cybercriminals behind this attack.

Computer users protected by Sophos security products will find the attachment is detected proactively as Mal/BredoZp-B.

Although there has been increased talk recently of drive-by-downloads and compromised websites being used to deliver malware onto the computers of unsuspecting computer users, it's worth remembering that email-based malware is far from dead.

You should always keep your security systems up-to-date, and - because of the danger they could introduce to your computer - be suspicious of unsolicited email attachments.


7 Responses to Outbreak! Fake Amazon UK emails spammed out, delivering malware

  1. Phil Jones · 535 days ago

    I got one of these - two hours after actually pre-ordering a DVD from Amazon. The email itself was fairly convincing. The thing that convinced me that it wasn't genuine was the attachment - a zipped .EXE. Report to stop-spoofing@amazon.com.

  2. der.... Opening a zip file from PayPal/Amazon or any other online retailer is a no-no. Never ever open an .exe file if you specifically did not ask for a zip or .exe file. You will never get an infection if you follow this rule, from an email anyway.

  3. MikeP_UK · 535 days ago

    But the email doesn't look anything like the confirmation emails we get from Amazon's UK operation! That alone should make regular users of the Amazon service extremely wary.
    The emails we get from Amazon contain a full listing of our orders and the order confirmation number as open text - no 'additional' files at all.
    If you get an email from Amazon in the UK with an attachment, it isn't from Amazon so delete it - especially if you have not placed an order in the last few minutes! The same applies in our experience with Amazon in the US.

    • Phil Jones · 535 days ago

      Have you opted for plain text emails or html..?

      I've now received another 3 - again, 2 hours after placing a pre-order with Amazon for DVDs not yet released - coincidence? This is something I haven't done before, so I wasn't surprised (first time) when the email was a bit different from normal.

      I'm not silly about these things but this one had me wondering for a while. All the links were genuine but the attachment clinched it.

      • Joshua Furber · 143 days ago

        Fake Emails seemingly from Amazon are not all from scammers or criminals. Ebay being the biggest culprit as they know Amazon customers will be upset and change to Ebay buying and selling.

  4. Joshua Furber · 143 days ago

    So what do we do... Send a return thank you, making absolutely sure you add a stealthed corruption or virus to the Email you return to them.

    Have fun

  5. Joshua Furber · 143 days ago

    Make a message rule on your Email program. "All incoming mail to deleted items folder". Next, make a Maintenance rule. "Empty deleted items folder on exit program".
    Click only on emails you want and drag them into your Inbox. Do not click on suspect emails (not even to delete).


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.