Date: Mon, 28 Jul 2014 13:15:57 +0200 [07:15:57 EDT]
From: "AMAZON.CO.UK" [egljlyzqv@Amazon.co.uk]
Subject: Your Amazon order #239-1744919-1697181
Thank you for your order. We'll let you know once your item(s) have dispatched.You can check the status of your order or make changes to it by visiting Your Orders on Amazon.co.uk.
Order #239-1744919-1697181 Placed on July 26, 2014
Order details and invoice in attached file.
Need to make changes to your order? Visit our Help page for more information and video guides.
We hope to see you again soon.
Attached is a file Order-239-1744919-1697181.zip which in turn contains a malicious executable Order details 001-8821901-992107.exe which has a VirusTotal detection rate of 18/54.
The Comodo CAMAS analysis shows that the malware reaches out to a familiar set of URLs to download further components:
I would recommend blocking the following domains: