Tuesday, 5 February 2013

Amazon.com spam / salam-tv.com

This fake Amazon email leads to malware on salam-tv.com:

Date:      Tue, 5 Feb 2013 18:32:06 +0100
From:      "Amazon.com Orders" [no-reply@amazon.com]
Subject:      Your Amazon.com order receipt.

    Click here if the e-mail below is not displayed correctly.
Follow us:                    
Your Amazon.com                         Today's Deals                 See All Departments    

Dear Amazon.com Customer,    

Thanks for your order, [redacted]!

Did you know you can view and edit your orders online, 24 hours a day? Visit Your Account.

Order Details:

E-mail Address: [redacted]
Billing Address:
Fort Wayne OH 49476-1748
United States
Phone: 1- 749-787-0001

Order Grand Total: $ 91.99
Earn 3% rewards on your Amazon.com orders with the Amazon Visa Card. Learn More

Order Summary:
Order #:     C59-2302433-5787713
Subtotal of items:     $ 91.99
Total before tax:     $ 91.99
Tax Collected:     $0.00
Grand Total:     $ 90.00
Gift Certificates:     $ 1.99
Total for this Order:     $ 91.99
Find Great Deals on Millions of Items Storewide
We hope you found this message to be useful. However, if you'd rather not receive future e-mails of this sort from Amazon.com, please opt-out here.

© 2012 Amazon.com, Inc. or its affiliates. All rights reserved. Amazon, Amazon.com, the Amazon.com logo and 1-Click are registered trademarks of Amazon.com, Inc. or its affiliates. Amazon.com, 466 Sally Ave. N., Seattle, MA 71168-8282. Reference: 25090571

Please note that this message was sent to the following e-mail address: [redacted]

The malicious payload should be at [donotclick]salam-tv.com/detects/visit_putts.php but at the moment this domain doesn't seem to be resolving properly. A bit of digging around shows that it may be hosted on (Chicago VPS, US) and the following malicious domains can be traced to that IP address: