Topic: Amazon Shipping update email contains malware

[Clive]

Waiting for a delivery from Amazon.com? Well, be careful if you receive a notification in your email - as it could be that hackers are trying to trick you into infecting your computer.

We're intercepting a wave of forged emails which claim to come from order-update@amazon.com, but unlike regular emails from the dot com giant they have a malicious file attached designed to run a Trojan horse on your computer.

In a seeming attempt to entice users to open the dangerous attachment, the emails have embedded inside them an image of a familiar half-opened Amazon branded package.

The emails have the following characteristics:

Subject:
Shipping update for your Amazon.com order 254-71546325-658732

Message body:
Shipping update for your Amazon.com order 254-78546325-658742

‏[Image of Amazon package]

Please check the attachment and confirm your shipping details.

Attached file: Shipping documents.zip

Sophos detects the attached file as Troj/CryptBx-Zp and Mal/CryptBox-A.

As always, be sure that you have kept your computer's defences up to date, and ensure that you never open unsolicited email attachments. An email can claim to come from a well-established brand like Amazon, but easily be a forgery created by hackers.

                                         

[Simon]

That will catch a few people.  Thanks for the warning, Clive.

[Clive]

Well I'm a bit concerned about my new laptop!  Dell told my son that delivery would be February 4th yet he received an e-mail on Friday to say it was on its way.    I've e-mailed the Sophos warning to him but he may not see the message until tomorrow.  Unfortunately the laptop is being despatched to London so I won't get my hands on it until we see him in a month's time. 

[Simon]

Surely the rogue email isn't specific enough to detail your orders?  If so, you'd have to assume your Amazon account had been compromised.  Besides which, if that's where your laptop is coming from, wouldn't it be Amazon.co.uk?

[Simon]

Actually, I think I may have got confused!  What's your laptop from Dell, got to do with Amazon?

[Clive]

Good point Simon.  But I didn't place the order! 

[sam]

yes, I get emails like that quite often - well  you know "you ordered this" when you blatantly didn't all go nicely in my spam box.

[Simon]

Also, not all that many people here would order from Amazon.com, as it would usually be the .co.uk website, unless you're importing CDs / DVDs, etc.

[Rik]

It will spread, though.

[Simon]

Probably.  Because people will allow it to.