Have you received any emails from Amazon lately? Did they come with subject lines such as “HD TV In Progress Now”, “Item Processed Now”, or “Your HDTV Waiting on delivery Now.” If so, you’re most likely the victim of a cybercriminal operation.
Spyware Sucks came across
a series of malicious emails purporting to come from Amazon.com. The messages inform recipients that their order for a Samsung HD TV set – worth around $800 (640 EUR) - is being processed.
“Thank you for shopping with us. We thought you must be informed that we shipped your item, and that this completes your order. If you need to return an item from this shipment or manage other orders, please visit Your Orders on Amazon.com,” the fake notifications read.
The Your Orders
button doesn’t really point to a legitimate Amazon website, but to a Canadian site that has been compromised to take part in a malware-spreading campaign. The attackers placed a file called amazinhdtv.html
in the wp-admin
folder of the website.
They most likely took advantage of the fact that the WordPress version used by the website was outdated and full of easy-to-exploit security holes.
the victim is presented with this message, “Thank you for shopping with us. We thought you'd like to know that we shipped your item, and that this completes your order. Your order is on its way, and can no longer be changed.”
“If you need to return an item from this shipment or manage other orders, please visit Your Orders on Amazon.com. ORDER #002-8015892-4413019 This shipment does not have an associated tracking or delivery confirmation number.”
In the background, a nasty Trojan is downloaded onto the victim’s computers via unpatched vulnerabilities.
We advise users to be cautious when receiving emails that appear to be sent by Amazon.