Have you received an email from Amazon about a purchase of a Sony Bravia television?
If so, it’s possible that you are in the gunsights of hackers behind a malware attack which is being seen around the world which is striking thousands of people who have shown no interest in ordering a new Sony television from the popular online store.
Bogus emails, which pretend to come from a manager at Amazon, thank you for shopping at Amazon.com and say that a Sony Bravia TV is winging its way to your address.
Subject: Your order has been paid! Tracking NR:26958-480
Attached file: AMAZON_LABEL_07_07-2010.zip
Thank you for shopping at Amazon.com!
We have successfully received your payment.
Your order has been shipped to your billing address.
You have ordered " Sony Bravia S3262 "
You can find your tracking number in attached to the e-mail document.
Print the postal label to get your package.
We hope you enjoy your order!
Maricela Ruffin, Amazon
The emails (which use slight variations in the subject line, the name of the alleged Amazon employee, and the model number of the Sony Bravia television) contain an attached file called AMAZON_LABEL_07_07-2010.zip.
If you’re befuddled by the email in your inbox out of the blue then the most natural thing in the world might be to open the attachment in an attempt to determine what’s going on – especially if you’re worried your credit card may have been erroneously charged for some expensive TV hardware.
And that’s where you would be making a big mistake. The emails are, of course, malicious. Sophos detects the ZIP file as Mal/BredoZp-B and the code contained within as Mal/Koobface-G, potentially putting your computer and associated social networking accounts at risk of compromise.
And you thought repeats on TV were boring… in the malware world it’s even more repetitive.