From: Wallmart.com [mailto:sculptsu@complains.wallmartmail.com]
Sent: 16 May 2013 15:35
Subject: Thanks for your Walmart.com Order 3450995-348882
Visit Walmart.com |
Help |
My Account |
Track My Orders
[redacted]
Thanks for ordering from Walmart.com. We're currently processing your order.
Items in your order selected for shipping
• You'll receive another email, with tracking information, when your order ships.
• If you're paying by credit card or Bill Me Later®, your account will not be charged until your order ships. If you see a pending charge on your account prior to your items shipping, this is an authorization hold to ensure the funds are available. All other forms of payment are charged at the time the order is placed.
Shipping Information
Ship to Home
Gabriel Miller
1881 Granada Dr
Washington, NC 68025-3157
USA
Walmart.com Order Number: 3450995-348882
Ship to Home - Standard
Items Qty Arrival Date Price
Samsung UN55EH9050 42" 1080p 600Hz Class LED (3.7" ultra-slim) 3D HDTV 1 Arrives by Tue., May 21
Eligible for Free Standard Shipping to Home. $898.00
Subtotal: $898.00
Shipping: Free
Tax: $62.86
See our Returns Policy or
contact Customer Service
Walmart.com Total: $960.86
Order Summary
Order Date: 05/15/2013
Subtotal: $898.00
Shipping: Free
Tax: $62.86
Order Total: $960.86
Credit card: $960.86
Billing Information
Payment Method:
Credit card
If you have any questions, please refer to help.walmart.com or reply to this email and let us know how we can help.
Thanks,
Your Walmart.com Customer Service Team
www.walmart.com
Sign Up for Email Savings and Updates
Have the latest Rollbacks, hot new releases, great gift ideas and more sent right to your inbox!
The malicious payload is at [donotclick]virgin-altantic.net/news/ask-index.php (report here). IP addresses are the same as in the other attack, although obviously if you are blocking by domain you should add virgin-altantic.net too.
5 comments:
Any idea what the payload is?
@silly_rabbit: Blackhole, although I don't know what it drops then. The URLquery report might give you a starting point if you want to poke at it further.
This (link to VirusTotal) is the Payload.
That awkward moment that you think wow, a really big site has been compromised, that'd be an interesting story, only to find out it's a typosquatted domain.
Yeah, I had to do a double-take on "altantic" too :)
I got this today:
"Thanks for ordering from Walmart.com. We're currently processing your order.
Items in your order selected for shipping
• You'll receive another email, with tracking information, when your order ships.
• If you're paying by credit card or Bill Me Later®, your account will not be charged until your order ships. If you see a pending charge on your account prior to your items shipping, this is an authorization hold to ensure the funds are available. All other forms of payment are charged at the time the order is placed.
Shipping Information
Ship to Home
Benjamin Gonzalez
1601 Old Tavern Dr
Annandale, SC 68025-3157
USA
Walmart.com Order Number: 8137094-925143
Ship to Home - Standard
Items Qty Arrival Date Price
Philips UN56EH6010 50" 1080p 60Hz Class LED (3.7" ultra-slim) 3D HDTV 1 Arrives by Tue., May 21
Eligible for Free Standard Shipping to Home. $898.00
Subtotal: $898.00
Shipping: Free
Tax: $62.86
See our Returns Policy or
contact Customer Service Walmart.com Total: $960.86
Order Summary
Order Date: 05/15/2013
Subtotal: $898.00
Shipping: Free
Tax: $62.86
Order Total: $960.86
Credit card: $960.86
Billing Information
Payment Method:
Credit card
If you have any questions, please refer to help.walmart.com or reply to this email and let us know how we can help.
Thanks,
Your Walmart.com Customer Service Team
www.walmart.com
Post a Comment