Bogus Amazon order for Sony VAIO carries malware

Graham Cluley
@gcluley

SophosLabs is intercepting a large amount of malicious spam at the moment, disguised as an email from Amazon.com.

The emails claim that the recipient has ordered a Sony VAIO A1133651A, and that documentation for tracking the delivery can be found in the file attached to the email.

However, this file (track.zip) contains a malicious Trojan horse – designed to infect Windows computers with fake anti-virus software (also known as scareware).

Of course, this tactic is nothing new. But clearly cybercriminals think it is still an effective route to achieve their goal – to infect as many computers as possible with their malware.

A typical email has the following characteristics:

Subject: Thank you for setting the order No.538532
Message body:

Dear Customer!

Thank you for ordering at our online store.
Your order: Sony VAIO A1133651A, was sent at your address.
The tracking number of your postal parcel is…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.