False E-mails Confirming Order for TV with Amazon Target Innocent Internauts
BitDefender the security company has reported of genuine-appearing order substantiation e-mails during the end-week of May 2013 that seemingly arrived from Amazon.com the popular Internet retail shop about a 55-inch television, and hit Internauts randomly.
BitDefender's researchers explain that the item referred to within the fake e-mails is perpetually the TV set of 55'', although the e-mails enumerate differently the model and make of the product.
According to them, the brands are as varied as Samsung, LG and Sony to Sanyo, Panasonic, Akai, Vizio and Toshiba.
It seems the order got placed, 29th May 2013, while the mentioned delivery date to the supposed buyer is sometime around 30th-31st May 2013.
Whereas the false confirmation e-mails miss delivering the promised TV, they certainly deliver an embedded malicious program onto infected end-users' computers. This malicious program tries to booby-trap on security flaws affecting the victims' systems for thrusting harmful code. The attack normally works, as plenty of end-users don't maintain up-to-date software applications alternatively deploy the most recent security patches.
There are also web-links embedded on the e-mails which whilst clicked divert end-users onto one malevolent URL called or[removed]z.com, which contaminates them with BlackHole. Apparently, just established some days back (May 20, 2013), the website was supported through servers based inside US, Brazil, Germany and Kenya.
Moreover, one can notice that the delivery destinations mentioned inside the e-mails vary location-wise, while all across USA such as Los Altos, AK, Annandale, Pasadena, DC, Salem, NE, Cohoes, PA, WA and Santa Barbara.
And considering a 137m strong client-base for Amazon, as also TV sets being one of the most demanded items amongst people's choices of electronic goods, globally, it's clear that scammers are highly advantaged at getting unwitting users for contaminating them with malware.
If anyone receives such unsolicited electronic mails, they should exercise extra caution prior to following the web-links. Incase the person hasn't placed an order for a TV set with Amazon.com he should just erase the e-mail. For others who've placed an order, they should brush the web-links with their mouse to ensure they indeed lead onto Amazon's site prior to accessing them, BitDefender's specialists advise.
» SPAMfighter News - 10-06-2013