
Spammers target Amazon holiday shoppers with Trojan-infected emails


Researchers at Malwarebytes say that spammers are targeting Amazon account holders with emails carrying two different types of Trojan malware.

Spammers are sending fake Amazon invoice receipts


Christopher Boyd gave a detailed breakdown of the spam messages on the firm's blog, where he said that suspicions were raised after receiving purported Amazon order invoices dated on the 8th and 9th of December.

The emails, which targeted those with Microsoft Live email accounts, carried infected ZIP attachments that falsely claimed to contain both the order invoice and order details.

Boyd found that there were two types of Trojans – the Trojan.Inject.RRE (virus score 28/49) and Trojan.Zbot.ML (virus score 19.49) – inside the ZIP files, but said that Outlook/Hotmail accounts caught both messages as spam. He added that the webmail client was able to pick up that the emails were infected with an unknown virus.

The analyst added that Amazon delivery notice spam emails are common at this time of year, but nonetheless urged users never to download and run an executable from a random file. He also said that users should familiarise themselves with the Amazon security page, check the sender's email address and check whether any other email addresses are attached to the message.

“If Amazon were going to email you about an order, they wouldn't CC in about a dozen or more additional email accounts belonging to somebody else,” he wrote. “Smart scammers would use BCC – take advantage of their laziness and learn to spot the red flags.”

“Amazon shoppers will continue to be popular targets for scammers throughout December, and fake orders/cancellations/invoices will be delivered straight to their doorstep for a few more weeks yet.”
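The red flags Boyd lists (a sender address that is not Amazon's, a dozen or more CC'd strangers, a ZIP attachment holding an executable) can be checked mechanically on a mail gateway or in triage. The following is an added example, not code from Malwarebytes or from this article; the threshold, the domain and extension lists and the sample message are constructed assumptions.

```python
import io
import zipfile
from email.message import EmailMessage
from email.utils import getaddresses

# Assumed values for illustration; none of them come from the article.
CC_THRESHOLD = 12  # "a dozen or more" CC'd accounts
EXPECTED_DOMAINS = {"amazon.com", "amazon.co.uk"}
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".js")

def red_flags(msg):
    """Return the red flags found in an email.message.EmailMessage."""
    flags = []
    for _, addr in getaddresses(msg.get_all("From", [])):
        domain = addr.rpartition("@")[2].lower()
        if domain not in EXPECTED_DOMAINS:
            flags.append(f"sender domain {domain!r} is not an expected Amazon domain")
    cc = getaddresses(msg.get_all("Cc", []))
    if len(cc) >= CC_THRESHOLD:
        flags.append(f"{len(cc)} addresses in Cc")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        try:  # list member names only; nothing is extracted or executed
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            flags.append(f"{name}: unreadable ZIP")
            continue
        flags += [f"{name} contains executable {m!r}" for m in members
                  if m.lower().endswith(EXECUTABLE_EXT)]
    return flags

def build_sample():
    """Constructed sample message; the ZIP member is harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("order_details.exe", b"placeholder, not a program")
    msg = EmailMessage()
    msg["From"] = "Amazon Orders <orders@billing-notices.example>"
    msg["Cc"] = ", ".join(f"user{i}@live.example" for i in range(14))
    msg["Subject"] = "Your order invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg

if __name__ == "__main__":
    print("\n".join(red_flags(build_sample())))
```

The From header is trivially forged, so a message that passes the domain check is not thereby authentic; the check only catches the careless case Boyd describes.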

When speaking to SCMagazineUK.com, Boyd said that spammers often targeted holiday shoppers too “rushed off their feet” to check email authentication, but said that the Trojans themselves are unlikely to be entirely new threats.

“Many of the files seen in this spam run are often reworked versions of older threats and anybody can repackage an older attack to help it bypass anti-virus protection. There seems to be a decent range of security coverage here, but the malware authors will likely continue to rework their files to infect as many PCs as possible.”

Sophos global head of security research James Lyne said that the news was further evidence of malicious code doing the rounds over the holiday season period, but warned ecommerce companies, like Amazon, that phishing attacks are now more sophisticated – and believable – than ever before.

“There are certain stereotypes about these kinds of spam messages but they aren't always true,” Lyne told SCMagazineUK.com. “For example, scam messages don't always have bad English, poor copies of logos or really obviously dodgy links. Sometimes they look practically identical to legitimate messages.”

Lyne continued by suggesting customers go directly to the vendor to confirm the status of their order, and said that they should ensure that their devices are fully patched, run up-to-date software and have endpoint security and web filtering to catch phishing web links.

Lyne said that holiday scams now range from fake parcel delivery notes and security issues with popular providers like Amazon to greeting cards from friends and family. 

“At this time of year people are far more likely to click without thinking even without the seasonal focus from cyber criminals. Not to be a holiday scrooge but we all need to be a little more sceptical this Christmas.”
