Date: Wed, 30 Jul 2014 18:08:43 +0800 [06:08:43 EDT]
From: "AMAZON.CO.UK" [ckggzphqu@Amazon.co.uk]
Subject: Your Amazon order #853-9908013-4362599
Thank you for your order. We'll let you know once your item(s) have dispatched.You can check the status of your order or make changes to it by visiting Your Orders on Amazon.co.uk.
Order #853-9908013-4362599 Placed on July 26, 2014
Order details and invoice in attached file.
Need to make changes to your order? Visit our Help page for more information and video guides.
We hope to see you again soon.
There's a ZIP file attached (in this case Order-853-9908013-4362599.zip) which unzips to a folder Order details with a malicious file ORDER-992-5188991-000933.exe which has a VirusTotal detection rate of 9/53. The Comodo CAMAS report shows that it downloads a further component from these following locations:
This second executable has a VT detection rate of 5/54. I recommend blocking the following sites: