Author: theninja

Nasty Amazon Virus Email

Gone are the days when email-based viruses would only fool people with the computer skills of my father (I quote: “well it said click the link, so I did”). The combination of dreadful spelling and strange-sounding words like ‘modernity’ made them easy to spot. However, things are changing. I don’t know about you, but the virus-riddled emails I receive are looking more and more professional and, worse, plausible.

Here’s one I got today which I’d never seen before:

[Screenshot: Scam Amazon Virus]

It’s basically an email spoofed from Amazon confirming delivery of an order. Doesn’t sound that clever? Well, no, but the difference is that this one is convincing because:

  • The email is an exact copy of a real Amazon confirmation notification.
  • All the links point back to genuine Amazon pages.
  • There are no errors or spelling mistakes.
  • All dates are correct.

In fact there is only one difference between this and a real Amazon confirmation message, apart from the poor formatting: this one has an attachment with a confirmation of the order. Formatting can easily be overlooked purely because of the different ways email clients tend to render certain emails; mine is forever making emails look awful. However, no legitimate Amazon email ever has an attachment with any sort of details, and I suspect they never will. The attachment claims to be a Word document, which it is, but this document contains a host of nasty malware and viruses in the form of corrupted Word macros.

Another worrying aspect is that none of the major virus checkers see any infection in this file. I ran the file through 50 of the main ones on VirusTotal and nothing detected it. Not one, so all this AV software is absolutely no protection to you if you decide to view this document. Word may save you if you don’t have macros enabled, although you will be prompted to enable them (hint: don’t, it’s a very bad idea!). In reality the only things that would save people are a natural reluctance to click on attachments and the suspicion that it didn’t look quite right.
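Since signature scanning missed the file, a mail filter can instead look at what the attachment structurally is. The sketch below is an added example, not part of the original post: it flags any attachment on mail whose From header mentions Amazon, and any Word-style attachment whose container can or does hold macros. The function names, the From heuristic and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container

def office_macro_risk(data):
    """Judge an attachment by its structure, not by an AV signature."""
    if data.startswith(OLE2_MAGIC):
        return "legacy OLE2 Office file (this format can carry macros)"
    if data.startswith(b"PK"):  # OOXML (.docx/.docm) is a ZIP archive
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = [n.lower() for n in z.namelist()]
        except zipfile.BadZipFile:
            return None
        if any(n.endswith("vbaproject.bin") for n in names):
            return "OOXML file with an embedded VBA project"
    return None

def triage(raw):
    """Return findings for one raw RFC 5322 message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    # Assumption: a From header mentioning Amazon means the mail claims to be Amazon
    claims_amazon = "amazon" in str(msg.get("From", "")).lower()
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if claims_amazon:
            findings.append(name + ": attachment on mail claiming to be Amazon")
        risk = office_macro_risk(part.get_payload(decode=True) or b"")
        if risk:
            findings.append(name + ": " + risk)
    return findings

def build_sample():
    """Constructed sample: a harmless ZIP that only mimics the macro layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/vbaProject.bin", b"placeholder, not a real macro")
    msg = EmailMessage()
    msg["From"] = "Amazon Orders <order-update@example.com>"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Your order has been dispatched"
    msg.set_content("Order details are attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="msword", filename="order_details.doc")
    return msg.as_bytes()
```

The check reads the file's real container type rather than trusting its extension, which is why the constructed `order_details.doc` is still recognised as a ZIP-based document with a VBA project inside.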

Both of these could easily be overlooked depending on the recipient; someone who is in a rush and not thinking could easily click on this link. It’s very easy to imagine someone skimming the email, thinking “I never ordered anything today” and opening the attachment to check. Normally you look at these emails and think “who’d be stupid enough to open that?”, but not these! Rumor has it that these emails are being targeted particularly at the business environment, where people are sometimes more likely to click these attachments (partly because the level of spam reaching their clients is often severely reduced by internal spam filters).

I suspect this email will receive very high click rates compared to most phishing emails. It’s worrying to think that these are going to get less straightforward to spot. We can protect ourselves online in legitimate ways, like using secure VPNs or AV software, but sometimes it’s not going to be enough. Remember, not one AV client at the time of writing picked up this malware. The safest option is never to click on any attachment at all; in reality there’s no legitimate requirement to send anyone an attachment in an email nowadays, and none of the big companies would ever do so.