Another clever spam campaign that relies on automated invoices

Oct 11, 2011 14:04 GMT  ·  By
YesAsia does not charge your credit card for something you haven't purchased

A well-known online retailer's name is being used in the latest spam campaign spotted in potential victims' inboxes: the messages ask the recipient to confirm an order that was never actually placed.

According to Graham Cluley, the example he saw claimed that the victim purchased an external hard drive and a webcam which cost a total of almost $500 (350 EUR), a fact which could scare anyone.

Unsuspecting users might rush to click the link in the email to find out how this could have happened, but instead of an explanation they receive a zip file containing malware that takes over the machine.

In this case, the cybercriminals registered a domain called yesasia-invoices.com just for the occasion, to make the whole thing look more legitimate.

Another thing that makes the scam look more real is that the messages appear to come from an automated service. Combined with the cleverly crafted domain, this could easily fool anyone.

The only way to tell that this is a hoax is to have a decent anti-virus product that will tell you the so-called details file contains Mal/BredoZp-B and Troj/VB-FPL.

The latter operates by copying itself to a file called newegg.exe in the Application Data folder of your computer, after which it creates a number of registry keys that make sure it will not be disposed of too easily. It then launches a couple of processes while making DNS requests to 1symantechantivirus.zapto.org and symantechantivirus.zapto.org.
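The hostnames, the lure domain and the dropped file name above are the kind of indicators a defender would turn into a quick triage check. The following Python script is an added example, not code from the article or from Sophos: it scans log lines for DNS queries to the named hosts (or their subdomains) and for a newegg.exe created under an Application Data folder. The log format and the sample lines are constructed for the example and are not captured campaign traffic.

```python
"""Flag log lines matching the indicators named in the article:
the lure domain yesasia-invoices.com, the two zapto.org hostnames the
Trojan resolves, and newegg.exe written under Application Data.
Added example; the log format and sample lines are constructed."""
import re

# Indicators taken from the article text
SUSPICIOUS_HOSTS = {
    "yesasia-invoices.com",
    "1symantechantivirus.zapto.org",
    "symantechantivirus.zapto.org",
}
DROPPED_FILE = "newegg.exe"

# Constructed log formats (assumption): a resolver-style query line and a
# file-creation line with the path in double quotes (paths contain spaces).
DNS_LINE = re.compile(r"client (?P<client>\S+) query: (?P<qname>\S+)")
FILE_LINE = re.compile(r'created file "(?P<path>[^"]+)"')


def host_matches(qname):
    """True if the queried name is an indicator or a subdomain of one.
    Comparison is case-insensitive and ignores a trailing dot."""
    q = qname.rstrip(".").lower()
    return any(q == h or q.endswith("." + h) for h in SUSPICIOUS_HOSTS)


def dropped_file_matches(path):
    """True for newegg.exe located directly under an Application Data folder."""
    p = path.replace("/", "\\").lower()
    return p.endswith("\\" + DROPPED_FILE) and "\\application data\\" in p


def scan(lines):
    """Return one hit dict per matching line (1-based line numbers)."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = DNS_LINE.search(line)
        if m and host_matches(m.group("qname")):
            hits.append({"line": n, "type": "dns",
                         "indicator": m.group("qname").rstrip(".").lower(),
                         "client": m.group("client").split("#")[0]})
            continue
        m = FILE_LINE.search(line)
        if m and dropped_file_matches(m.group("path")):
            hits.append({"line": n, "type": "file",
                         "indicator": m.group("path"), "client": None})
    return hits


# Constructed sample log; lines 2, 3 and 5 should be flagged, the rest not.
SAMPLE_LOG = [
    "2011-10-11 09:12:01 client 10.0.0.15#51234 query: www.example.com. IN A",
    "2011-10-11 09:12:07 client 10.0.0.15#51235 query: symantechantivirus.zapto.org. IN A",
    "2011-10-11 09:12:08 client 10.0.0.15#51236 query: 1symantechantivirus.zapto.org. IN A",
    "2011-10-11 09:12:09 client 10.0.0.22#40001 query: notsymantechantivirus.zapto.org. IN A",
    '2011-10-11 09:12:10 host 10.0.0.15 created file "C:\\Documents and Settings\\user\\Application Data\\newegg.exe"',
    '2011-10-11 09:12:11 host 10.0.0.22 created file "C:\\Program Files\\Newegg\\newegg.exe"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['type']} indicator {hit['indicator']} (client {hit['client']})")
```

Note the fourth sample line: a lookalike name that merely ends in the indicator string is not flagged, because the check requires an exact match or a dot-separated subdomain. Likewise a newegg.exe under Program Files is ignored, since the article ties the dropped copy specifically to Application Data.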

In most cases, anyone who saw money being illegally drawn from their account would be quick to act, and that is exactly what the masterminds of this operation rely on: that you quickly open the alleged explanation, infecting your computer and giving them further access to your assets.

That's why you must make sure to proceed with caution when you receive an unsolicited email, no matter how alarming it may sound.