
SANS Internet Storm Center (ISC) InfoSec Handlers Diary Blog


Reports about large number of fake Amazon order confirmations

Published: 2010-03-03
Last Updated: 2010-03-03 17:28:42 UTC
by Johannes Ullrich (Version: 1)

A couple of readers wrote in about a flood of fake order confirmations they are receiving. The e-mail claims to originate from Amazon and attempts to trick the user into clicking on a link, which then leads to obfuscated JavaScript and malware.

This particular attack appears to be a new version of similar e-mails we have seen over the last week or so. The new version uses larger e-mail messages, which appear to be composed with Microsoft Word.

The text is still pretty concise. As a sample:

Dear Customer,

Your order has been sucessfully confirmed. For your reference, here's a summary of your order:

You just confirmed order #2341-23483720-38123



At the end of the e-mail follows a link to a malware site, labeled "ORDER INFORMATION".

A number of different domains have been seen in use so far.

Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: amazon malware