Is Amazon sending you a Sony Bravia? Beware the malware attack

Have you received an email from Amazon about a purchase of a Sony Bravia television?

If so, you may be in the gunsights of hackers behind a malware attack that is being seen around the world, striking thousands of people who have shown no interest in ordering a new Sony television from the popular online store.

Bogus emails, which pretend to come from a manager at Amazon, thank you for shopping at and say that a Sony Bravia TV is winging its way to your address.

Malicious Amazon tracking email

Subject: Your order has been paid! Tracking NR:26958-480
Attached file:
Message body:

Good morning,

Thank you for shopping at!

We have successfully received your payment.

Your order has been shipped to your billing address.

You have ordered " Sony Bravia S3262 "

You can find your tracking number in attached to the e-mail document.

Print the postal label to get your package.

We hope you enjoy your order!

Maricela Ruffin, Amazon

The emails (which use slight variations in the subject line, the name of the alleged Amazon employee, and the model number of the Sony Bravia television) contain an attached file called

If an email like this lands in your inbox out of the blue and leaves you befuddled, the most natural thing in the world might be to open the attachment in an attempt to determine what’s going on – especially if you’re worried your credit card may have been erroneously charged for some expensive TV hardware.

And that’s where you would be making a big mistake. The emails are, of course, malicious. Sophos detects the ZIP file as Mal/BredoZp-B and the code contained within as Mal/Koobface-G, potentially putting your computer and associated social networking accounts at risk of compromise.

This isn’t a new trick for cybercriminals, of course. In the past we’ve seen other dangerous emails posing as Amazon shipment updates – an order for a Sony VAIO laptop computer, for instance.

And you thought repeats on TV were boring… in the malware world it’s even more repetitive.