14 DAY TRIAL // Security researchers from Sophos warn that a new wave of fake emails posing as shipment updates from Amazon are distributing an autorun worm.
The rogue emails bear a subject of "Shipping update for your Amazon.com order" and their header is spoofed to appear as if they originate from an [email protected] address.
The contained message consists of the same text as the subject plus an alleged order number and instructions to "check the attachment and confirm your shipping details."
In addition, the body also contains an Amazon advertising banner and an image of an opened box, which were probably copied from a legit email sent by the company.
The attached file is called "Shipping documents.zip" and according to Sophos, it contains a malicious executable detected as W32/AutoRun-BHY.
This campaign has been timed to coincide with the holiday shopping season, a period of the year when people are likely to expect shipments from Amazon and other online stores.
Very similar spam emails were spotted last January and had the same spoofed sender address, the same message and the same attachment name, suggesting that this attack is the work of a spam gang which has been active for some while.
Amazon order shipments are a relatively common theme for infected emails. Maybe not as much as DHL or UPS, but enough to affect a large number of people.
Users are advised to exercise increased caution when dealing emails carrying attachments, regardless of their apparent origin. Multi-engine antivirus scan services like Virus Total can serve as a pretty good indication if a file is malicious or not.
"Remember that cold-hearted cybercriminals don't give a fig about it being Christmas. For them it's just another opportunity to fleece the unwary by infecting their computers, stealing data and taking over PCs for their own devices," warns Sophos' Graham Cluley.
