Wednesday, 4 December 2013
Fake Amazon.co.uk spam / Order details.zip
This fake Amazon spam comes with a malicious attachment:

From: "AMAZON.CO.UK" [SALES@AMAZON.CO.UK]
Date: Wed, 4 Dec 2013 11:07:00 +0200 [04:07:00 EST]
Subject: order ID718-4116431-2424056

Good evening,

Thanks for your order. We'll let you know once your item(s) have dispatched. You can check the status of your order or make changes to it by visiting Your Orders on Amazon.co.uk.

Order Details

Order ID757-7743075-1612424
Placed on December 1, 2013
Order details and invoice in attached file.

Need to make changes to your order? Visit our Help page for more information and video guides.

We hope to see you again soon.
Amazon.co.uk

Attached is a ZIP file Order details.zip which in turn contains a malicious executable Order details.exe with a VirusTotal detection rate of 15/49. Note that the order number in the subject line (718-4116431-2424056) does not match the one in the body (757-7743075-1612424), a giveaway that the message is templated spam rather than a genuine order confirmation. Automated analysis tools [1] [2] are fairly inconclusive, but do show some apparent traffic to 79.187.164.155 (TP, Poland) plus the creation of a Run entry, HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Start WingMan Profiler, so that the malware is launched at every startup.
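The attachment above is the classic EXE-in-ZIP lure: a Windows executable named to look like an order document, wrapped in a ZIP so that the mail gateway sees an archive rather than a .exe. The following is an added example (not code from the original post) of the kind of attachment triage a gateway or analyst script can do before anyone double-clicks: unpack the archive in memory, flag members with executable extensions, spot "document" extensions left in the name as a disguise, and sniff the "MZ" signature that every Windows executable starts with regardless of its name. The archive it inspects is constructed here as a stand-in for Order details.zip (a DOS-header stub, not the real sample), and the extension lists are an assumed typical gateway policy.

```python
"""Triage an e-mail ZIP attachment for the EXE-in-ZIP pattern (added example)."""
import io
import os
import zipfile
from dataclasses import dataclass

# Extensions Windows runs directly on double-click (assumption: a typical gateway blocklist).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".cpl", ".bat", ".cmd",
                         ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}
# Extensions a recipient expects for "order details" or an invoice.
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".htm", ".html"}


@dataclass
class Finding:
    member: str   # archive entry name as stored in the ZIP
    reason: str   # why it was flagged


def triage_zip(zip_bytes: bytes) -> list[Finding]:
    """Return one Finding per (member, reason); an empty list means nothing was flagged."""
    findings: list[Finding] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            stem, ext = os.path.splitext(name.lower())
            reasons = []
            if ext in EXECUTABLE_EXTENSIONS:
                reasons.append(f"executable extension {ext}")
            # "Order details.pdf.exe" or "Order details.pdf      .exe": a document
            # extension left in the stem to fool users whose Explorer hides extensions.
            if os.path.splitext(stem.rstrip())[1] in DOCUMENT_EXTENSIONS:
                reasons.append("document extension used as a disguise")
            if info.flag_bits & 0x1:
                # Password-protected member: content cannot be sniffed, which is itself
                # a red flag for an unsolicited attachment.
                reasons.append("encrypted member, content not inspectable")
            else:
                with zf.open(info) as fh:
                    head = fh.read(2)
                # Every Windows PE/DOS executable begins with the "MZ" signature,
                # whatever the file happens to be called.
                if head == b"MZ":
                    reasons.append("MZ header (Windows executable) in content")
            for reason in reasons:
                findings.append(Finding(name, reason))
    return findings


def is_suspicious(zip_bytes: bytes) -> bool:
    return bool(triage_zip(zip_bytes))


def build_sample_zip(member: str = "Order details.exe") -> bytes:
    """Constructed stand-in for the post's 'Order details.zip' (not the real sample):
    a bare DOS-header stub, not a working program, stored under the given name."""
    fake_pe = b"MZ" + b"\x90" * 62 + b"\x00" * 64
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member, fake_pe)
    return buf.getvalue()


def build_benign_zip() -> bytes:
    """Constructed benign archive: what a genuine zipped invoice might look like."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice.pdf", b"%PDF-1.4\n%constructed placeholder\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("sample", build_sample_zip()),
                        ("disguised", build_sample_zip("Order details.pdf      .exe")),
                        ("benign", build_benign_zip())):
        print(label, "SUSPICIOUS" if is_suspicious(blob) else "clean")
        for f in triage_zip(blob):
            print("   ", f.member, "-", f.reason)
```

The content sniff matters more than the extension check: renaming the payload to "Order details.pdf" would get past a name-only filter but still starts with "MZ", and an encrypted ZIP that cannot be sniffed is treated as suspicious rather than silently passed.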
Labels: Amazon, EXE-in-ZIP, Malware, Spam
6 comments:
Weird, received one also and what caught my attention is that it's not even my e-mail addy: "quentonsumlin@yahoo.com". Figures it was phishing or hack e-mail. I know some are still vulnerable so good you're warning people about it!!
I was waiting for a response from an amazon vendor about an order placed on Dec 9 and STUPIDLY clicked on the zip file. I didn't actually open the document. I found it in my download folder and ran the "Secure Empty Trash." Is there anything else I should or could do??
I did too, not only opened it, but clicked to download attachments. Epic stupidity, since I noticed some differences from regular Amazon mail. I cannot find files anywhere on my phone, how do I get rid of this virus? Any help would be appreciated
This... would be more useful if it were to contain information for the poor users who have already clicked on the link...
Personally I have a Mac, but am searching to help a friend clean up his PC. Does anyone know how to resolve this??
Thanks
It would be far more useful to supply information for the poor users who have mistakenly loaded the malware on their PCs.
I am searching (from my Mac) to help a friend remove this, and apart from marketing AVs I've not yet seen anything useful.
Does ANYONE know what needs to be done?
@davidhb, the problem with the malware is that it morphs with every new campaign. There are a couple of links to automated analysis reports in the post; however, one key area to look at is unusual entries in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\, and perhaps upload the samples to VirusTotal.com to see if they are malicious.