Tuesday, 10 December 2013

Fake Amazon.co.uk order spam / AM-ORDER-65HNA1972.exe

This fake Amazon spam has a malicious attachment:

Date:      Tue, 10 Dec 2013 11:19:03 +0200 [04:19:03 EST]
From:      blackjacksxjt@yahoo.com
Subject:      order #822-8266277-7103199

Good evening,

Thank you for your order. We�ll let you know once your item(s) have dispatched.You can check the status of your order or make changes to it by visiting Your Orders on Amazon.co.uk.

Order Details

Order #481-0295978-7625805 Placed on December 8, 2013
Order details and invoice in attached file.
Need to make changes to your order? Visit our Help page for more information and video guides.
We hope to see you again soon. Amazon.co.uk
Attached is an archive file AM-ORDER-65HNA1972.zip (VirusTotal detections 9/47) which in turn contains a malicious executable AM-ORDER-65HNA1972.exe (VirusTotal detections 9/49) which has an icon to make it look like some sort of document.

Automated analysis tools seem to be timing out [1] [2] indicating perhaps that it has been hardened against sandbox analysis.

1 comment:

  1. Received this scam today at 01.00. The scam was obvious - particularly since I don't have any current orders with Amazon.Nevertheless I am grateful that I use Linux, which wouldn't run a .exe file.
