
Spammers target Amazon holiday shoppers with Trojan-infected emails


Researchers at Malwarebytes say that spammers are targeting Amazon account holders with emails carrying two different types of Trojan malware.

Spammers are sending fake Amazon invoice receipts

Christopher Boyd gave a detailed breakdown of the spam messages on the firm's blog, where he said that suspicions were raised by the arrival of purported Amazon order invoices dated the 8th and 9th of December.

The emails, which targeted those with Microsoft Live email accounts, carried infected ZIP attachments that falsely claimed to contain both the order invoice and order details.

Boyd found that there were two types of Trojans – the Trojan.Inject.RRE (virus score 28/49) and Trojan.Zbot.ML (virus score 19.49) – inside the ZIP files, but said that Outlook/Hotmail accounts caught both messages as spam. He added that the webmail client was able to pick up that the emails were infected with an unknown virus.

The analyst added that Amazon delivery notice spam emails are common at this time of year, but nonetheless urged users never to download and run an executable from a random file. He also said that users should familiarise themselves with the Amazon security page, check the sender's email address and look for any other email addresses attached to the message.

“If Amazon were going to email you about an order, they wouldn't CC in about a dozen or more additional email accounts belonging to somebody else,” he wrote. “Smart scammers would use BCC – take advantage of their laziness and learn to spot the red flags.”

“Amazon shoppers will continue to be popular targets for scammers throughout December, and fake orders/cancellations/invoices will be delivered straight to their doorstep for a few more weeks yet.”
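The red flags Boyd describes (a sender outside Amazon's domain, a long list of CC'd strangers, a ZIP that carries an executable) can be checked mechanically on a received message. The following Python is an added example, not code from Malwarebytes or the original article; the function names, the `MAX_CC` threshold, the extension list and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses

EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")
MAX_CC = 3  # assumed threshold: a genuine order email goes to one customer

def red_flags(raw: bytes, brand_domain: str = "amazon.com") -> list[str]:
    """Return the red flags found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    flags = []
    addrs = getaddresses([str(msg.get("From", ""))])
    domain = addrs[0][1].lower().rpartition("@")[2] if addrs else ""
    if domain != brand_domain and not domain.endswith("." + brand_domain):
        flags.append("sender-domain-mismatch")
    if len(getaddresses(msg.get_all("Cc", []))) > MAX_CC:
        flags.append("many-cc-recipients")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXEC_EXT):
            flags.append("executable-attachment")
        elif name.endswith(".zip"):
            try:  # list archive members without extracting or running them
                with zipfile.ZipFile(io.BytesIO(part.get_content())) as zf:
                    if any(n.lower().endswith(EXEC_EXT) for n in zf.namelist()):
                        flags.append("executable-in-zip")
            except zipfile.BadZipFile:
                flags.append("unreadable-zip")
    return flags

def build_sample() -> bytes:
    """Constructed sample: fake invoice, 12 Cc addresses, ZIP holding an .exe."""
    msg = EmailMessage()
    msg["From"] = "Amazon Orders <orders@invoice-mailer.example>"
    msg["To"] = "shopper@example.org"
    msg["Cc"] = ", ".join(f"user{i}@example.net" for i in range(12))
    msg["Subject"] = "Your order invoice"
    msg.set_content("Please see the attached invoice.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("order_details.pdf.exe", b"constructed placeholder bytes")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(red_flags(build_sample()))
```

A message that trips none of these checks is not thereby proven genuine; the checks only cover the indicators named in the article.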

When speaking to, Boyd said that spammers often targeted holiday shoppers too “rushed off their feet” to check email authentication, but said that the Trojans themselves are unlikely to be entirely new threats.

“Many of the files seen in this spam run are often reworked versions of older threats and anybody can repackage an older attack to help it bypass anti-virus protection. There seems to be a decent range of security coverage here, but the malware authors will likely continue to rework their files to infect as many PCs as possible.”

Sophos global head of security research James Lyne said that the news was further evidence of malicious code doing the rounds over the holiday season period, but warned ecommerce companies, like Amazon, that phishing attacks are now more sophisticated – and believable – than ever before.

“There are certain stereotypes about these kinds of spam messages but they aren't always true,” Lyne told “For example, scam messages don't always have bad English, poor copies of logos or really obviously dodgy links. Sometimes they look practically identical to legitimate messages.”

Lyne continued by suggesting customers go directly to the vendor to confirm the status of their order, and said that they should ensure that their devices are fully patched, run up-to-date software and have endpoint security and web filtering to catch phishing web links.

Lyne said that holiday scams now range from fake parcel delivery notes and security issues with popular providers like Amazon to greeting cards from friends and family. 

“At this time of year people are far more likely to click without thinking even without the seasonal focus from cyber criminals. Not to be a holiday scrooge but we all need to be a little more sceptical this Christmas.”
