Phony Amazon Order Confirmation Emails Help Spread Malware

Once again, cybercriminals are attempting to use the insane popularity of Amazon to trick users into following questionable email links.

Only, the latest variant of Amazon spam doesn’t just direct users to a pharmaceutical website like the bogus cancellation notices did.

No, instead the fake Amazon order confirmation messages will lead you straight to a malicious site that will attempt to install malware on your computer.

The Bait: Bogus Amazon Order Confirmation Email

Characteristics of the spam messages spotted in the wild:

  • The sender’s name is “Amazon.com.”
  • Subject lines used: “Your Amazon.com Kindle e-book order confirmation” or “Your Amazon.com order confirmation.”
  • The billing address, price and ordered item appear to be randomly generated.
  • All of the embedded links point to third-party websites (compromised WordPress sites) and NOT Amazon.com.
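
The traits listed above can be checked mechanically by a mail filter. The following sketch is an added example, not code from the original post or from Webroot or GFI Labs; the sample message, the example.* hosts and the function names are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Subject lines reported in the article, lower-cased for comparison.
SUBJECTS = {"your amazon.com kindle e-book order confirmation",
            "your amazon.com order confirmation"}
BRAND = "amazon.com"  # the domain the message claims to come from

SAMPLE = (  # constructed message; example.* hosts are placeholders
    'From: "Amazon.com" <orders@example.net>\n'
    "Subject: Your Amazon.com order confirmation\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    '<a href="http://blog.example.org/wp-content/order.html">Order details</a>\n'
    '<a href="http://shop.example.com/amazon.com/help">Help</a>\n'
)

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def is_brand_host(host):
    # Match the brand domain or a true subdomain, never a substring or path.
    host = (host or "").lower().rstrip(".")
    return host == BRAND or host.endswith("." + BRAND)

def check_message(raw):
    """Return findings for one raw RFC 5322 message given as a string."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, _addr = parseaddr(str(msg.get("From", "")))
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    if body is not None:
        collector.feed(body.get_content())
    hosts = {urlsplit(h).hostname for h in collector.hrefs}
    off_brand = sorted(h for h in hosts if h and not is_brand_host(h))
    claims = display.strip().lower() == BRAND
    return {"claims_amazon": claims,
            "known_subject": str(msg.get("Subject", "")).strip().lower() in SUBJECTS,
            "off_brand_link_hosts": off_brand,
            "suspicious": claims and bool(off_brand)}
```

A message is flagged when the sender name claims to be Amazon.com while any embedded link resolves to a host outside amazon.com, which is the combination described in the list above.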

The Attack: Courtesy of BlackHole Exploit Kit

Should you make the mistake of clicking on a link within a fraudulent Amazon order confirmation email, you will see a blank page reading:

“Amazon.com Order confirmation

Loading your book

Order ID: Loading…

Print Date/Time [timestamp]”

Meanwhile, the Blackhole exploit kit will work silently in the background, attempting to exploit vulnerabilities within the Microsoft Windows Help & Support Center, Adobe Flash Player, Adobe Reader and Adobe Acrobat to drop malware identified as TROJ_CRYPTOR.TH (TrendMicro) & Win32/AutoRun.Spy.Banker.P (NOD32) on your system.

Keeping Your PC Safe

To avoid falling for this attack, it is recommended that you:

  • Keep your computer’s operating system and software fully patched with the latest updates.
  • Always run antivirus software that offers real-time scanning and keep it up-to-date.
  • Avoid clicking links within emails; type the URL of the website you want to visit directly into your browser address bar.

What to do with Amazon Spam

If you received this email or one similar to it:

[via Webroot & GFI Labs]
Email Screenshot Credit: Webroot



© 2014 Hyphenet, Inc.
1761 Hotel Circle S, Suite 350, San Diego, CA 92108
