Outbreak! Fake Amazon UK emails spammed out, delivering malware


Beware! A spate of malicious emails have been spammed out by online criminals, disguised as legitimate communications from the UK branch of online retail giant Amazon.

In a widespread attack, email messages have been distributed that are designed to trick computer users into opening an attachment disguised as information about an order for an unnamed item.

Here's part of a typical message seen by the experts at SophosLabs:

[Image: Amazon malware]

From the looks of things, the body of the email itself - which has a subject line of "Your Order with Amazon.co.uk" - is harmless.

Any links contained inside the email do indeed go to the legitimate Amazon UK website, rather than a webpage hosting malware, and there are no attempts to phish for information.

The danger arrives in the file attached to the emails. The emails carry an attached file called "Your Order Details with Amazon.zip" which contains a Trojan horse.

It's understandable that some computer users would be fooled into opening the attachment, as they might be wondering what on earth they have ordered from Amazon.

It should go without saying that Amazon UK is a completely innocent party. They didn't send out the emails (despite what the forged "from" address used in the attack might suggest), and are having their brand tarnished by the cybercriminals behind this attack.

Computer users protected by Sophos security products will find the attachment is detected proactively as Mal/BredoZp-B.

Although there has been increased talk recently of drive-by-downloads and compromised websites being used to deliver malware onto the computers of unsuspecting computer users, it's worth remembering that email-based malware is far from dead.

You should always keep your security systems up-to-date, and - because of the danger they could introduce to your computer - be suspicious of unsolicited email attachments.


11 Responses to Outbreak! Fake Amazon UK emails spammed out, delivering malware

  1. Phil Jones · 842 days ago

    I got one of these - two hours after actually pre-ordering a DVD from Amazon. The email itself was fairly convincing. The thing that convinced me that it wasn't genuine was the attachment - a zipped .EXE. Report to stop-spoofing@amazon.com.

  2. der....opening a zip file from pay pal/amazon or any other online retailer is a no no. never ever open an .exe file if you specifically did not ask for a zip or .exe file. you will never get an infection if you follow this rule, from an email anyway

  3. MikeP_UK · 842 days ago

    But the email doesn't look anything like the confirmation emails we get from Amazon's UK operation! That alone should make regular users of the Amazon service extremely wary.
    The emails we get from Amazon contain a full listing of our orders and the order confirmation number as open text - no 'additional' files at all.
    If you get an email from Amazon in the UK with an attachment, it isn't from Amazon so delete it - especially if you have not placed an order in the last few minutes! The same applies in our experience with Amazon in the US.

    • Phil Jones · 841 days ago

      Have you opted for plain text emails or html..?

      I've now received another 3 - again, 2 hours after placing a pre-order with Amazon for DVDs not yet released - coincidence? This is something I haven't done before, so I wasn't surprised (first time) when the email was a bit different from normal.

      I'm not silly about these things but this one had me wondering for a while. All the links were genuine but the attachment clinched it.

      • Joshua Furber · 449 days ago

        Fake Emails seemingly from Amazon are not all from scammers or criminals. Ebay being the biggest culprit as they know Amazon customers will be upset and change to Ebay buying and selling.

  4. Joshua Furber · 449 days ago

    So what do we do... Send a return thank you, making absolutely sure you add a stealthed corruption or virus to the Email you return to them.

    Have fun

  5. Joshua Furber · 449 days ago

    Make a message rule on your Email program. "All incoming mail to deleted items folder". Next, make a Maintenance rule. "Empty deleted items folder on exit program".
    Click only on emails you want and drag them into your Inbox. Do not click on suspect emails (not even to delete).

  6. Anonymous · 114 days ago

    I got one of these soon after placing an order with Amazon for the first time. I do lots of online shopping and never had any problems like this. I am careful about disclosing my email and keep all my pc security up to date so one inference is that the details are being improperly accessed at Amazon. When you contact Amazon about this they do not mention it at all, just tell you how to spot a fake email. Until the likes of Amazon admit more responsibility - rather than put the onus back on the customer to spot fake emails - the problem will always be there. I do think forums like this should make more of this issue.

    • Paul Ducklin · 114 days ago

      The crooks send a LOT of spam. As a result, they regularly get lucky by hitting Amazon users just after they've done an Amazon transaction; by reaching a specific bank's customers just after their new credit card arrived; by emailing someone about Facebook who just posted something they now regret; and so on.

      Remember, they can get your email address from someone else being compromised (e.g. some person or company to whom you send an email who later got infected by malware that scours disks for likely email addresses), and they can simply guess you use Amazon. The emails that go to people who have never used Amazon in their lives just get ignored...but that part of it costs the crooks almost nothing.

  7. BJ Cheshire · 114 days ago

    Is Amazon an entirely innocent party? I don't mean they are involved in any kind of scams but I have grave doubts about security. I have been shopping safely online for many years and never had any problems, partly because I use sites I have learned to trust, but I am also wary about disclosing my email details online. I also keep my OS and security software up to date. Within days of placing my first order with Amazon I received 2 spoof emails with attachments - which my email program filtered out. When you contact Amazon about this kind of thing all they do is tell you how to spot a fake email; putting the onus on the customer rather than addressing any potential security issues within Amazon. I am not saying the company is full of rogues but it is disingenuous to put all the onus back on the customer when they have done nothing except place an order with Amazon. I am so dissatisfied with Amazon's attitude to this issue that I am unlikely to ever use them again. I know they won't miss my small contribution to their revenue but they should bear in mind I will tell all my friends and relatives - and bad news spreads.

    • Paul Ducklin · 114 days ago

      Every time you send an email to anyone, anywhere, about anything, you "disclose your email details online," because your email address is in the "From:" header.

      So I'm suggesting that co-incidence is a more likely explanation for you receiving Amazon-related spam several days after trading with Amazon than the explanation that Amazon had something to do with it. Heck, I receive Amazon spam all the time and I haven't even traded with them at all :-)

      Anyway, it doesn't sound as though Amazon is blaming you. Assume that the spam had nothing to do with Amazon at all except for having their name in it, which is a very likely explanation. What could Amazon do about that, apart from trying to give you some general advice? Or are you saying that a company whose brand is ripped off by a spammer has to bear the responsibility of itself being a victim too?


About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley