E-mails Masquerading as Amazon Messages Identified
Security researchers caution that e-mails posing as messages from Amazon.com, the well-known online retailer, are circulating in an attempt to attack unsuspecting buyers, hoax-slayer.com reported on December 30, 2011.
Under the attractive subject line "Your Amazon.com order of 'Sprint HTC Evo 4g Android Cell Phone' has shipped!", the rogue e-mail invites the recipient to track an order that has supposedly been dispatched. It goes on to say that the retailer has shipped the items currently available separately from the remaining ones so that the customer gets faster service, at no extra charge, and that the other items will be dispatched as soon as they are ready. Finally, the e-mail states that if the user wants to return any of the products shipped so far, or wants to place more orders, he should visit the 'Your Orders' page of Amazon's website.
But the e-mails are not from Amazon, and the purchase details they contain are fictitious.
Meanwhile, anyone who is lured into following the web links in the spam mail is taken to a site that serves malware; by exploiting Windows vulnerabilities the user has not yet patched, the site installs its payload.
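As an added illustration (not code from the article or from hoax-slayer.com), the following Python script parses a constructed e-mail modelled on the lure above and flags every link whose destination is not under the amazon.com domain the message claims to come from; the sample message, link hosts and IP address are made up for the example.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample message modelled on the lure described in the article.
# The link hosts are invented (reserved/documentation names), not real indicators.
SAMPLE_EMAIL = """\
From: "Amazon.com" <ship-confirm@amazon.com>
Subject: Your Amazon.com order of 'Sprint HTC Evo 4g Android Cell Phone' has shipped!
Content-Type: text/html; charset=utf-8

<p>Your order has shipped. <a href="http://amazon.com.tracking-update.invalid/track?id=1">Track your package</a></p>
<p>To return items or place more orders, visit <a href="http://198.51.100.23/orders/">Your Orders</a>.</p>
<p>Questions? See <a href="https://www.amazon.com/gp/css/order-history">amazon.com</a>.</p>
"""

HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def html_bodies(raw: str) -> str:
    """Concatenate every text/html part of an RFC 822 message as text."""
    msg = message_from_string(raw)
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def is_under_domain(host: str, domain: str) -> bool:
    """True if host is domain itself or a subdomain of it (e.g. www.amazon.com)."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)


def suspicious_links(raw: str, claimed_domain: str = "amazon.com") -> list:
    """Return hrefs that point outside claimed_domain or to a bare IP address.

    The mismatch between the claimed sender and the link destination is the
    pattern in the article: the text says Amazon, the host does not.
    """
    flagged = []
    for href in HREF_RE.findall(html_bodies(raw)):
        host = urlparse(href).hostname or ""
        if IPV4_RE.match(host) or not is_under_domain(host, claimed_domain):
            flagged.append(href)
    return flagged


if __name__ == "__main__":
    for link in suspicious_links(SAMPLE_EMAIL):
        print("suspicious link:", link)
```

A real mail gateway rule would add a public-suffix check so that look-alike registrations such as "amazon-orders.invalid" are not accepted merely because they contain the brand name.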
The malware in question, known as 'Cridex,' is specifically built to steal financial and other personal details from the computers it infects, security researchers caution.
Win32/Cridex is normally dropped by mass-mailed malware such as Exploit:JS/Blacole and its variants, and it is also designed to spread to removable drives. Besides targeting banking credentials, Cridex captures local certificates and executes files, which increases its risk even further.
Moreover, when run, the Trojan installs a copy of itself on the target PC under a random file name and modifies registry entries to ensure it is launched whenever the OS starts up. Even if that copy is removed, Win32/Cridex has already injected itself into all running processes, including those started afterwards.
Eventually, removing Win32/Cridex from a compromised PC requires erasing certain Windows system files and deleting registry entries, after first backing them up. Once the cleaned computer is working normally, the backup containing Cridex may be erased, the researchers conclude.
Related article: E-Crime Reporting Format To Be Launched in July
» SPAMfighter News - 09-01-2012