Amazon order details email with attached Order contains trojan

It is almost the end of 2013 and online shopping is booming, with more orders being placed at online web shops. That also increases the number of orders dispatched by courier, which makes this an excellent opportunity to send out fake order details emails with an attached virus or trojan, something we have indeed seen happen during the last few days.

MX Lab started to intercept a new trojan distribution campaign by email with the subject “order #852-9045074-5639529” or “order ID801-7322179-4122684”.

This email is sent from the spoofed address “"AMAZON.CO.UK" <SALES@AMAZON.CO.UK>” and has the following body:

Good evening,

Thank you for your order. We’ll let you know once your item(s) have dispatched. You can view the status of your order or make changes to it by visiting Your Orders on

Order Details

Order ID266-3050394-3760006 Placed on December 2, 2013

Order details and invoice in attached file.

Need to make changes to your order? Visit our Help page for more information and video guides.

We hope to see you again soon.

The attached ZIP file has the name Order and contains the 86 kB file Order details.exe.

The trojan is known as Trojan-PWS.Fareit, Trojan.Inject.RRE, PE:Malware.FakeDOC@CV!1.9C3C or Mal/Generic-S.

At the time of writing, 5 of the 46 AV engines detected the trojan at Virus Total.

Use the Virus Total permalink and Malwr permalink for more detailed information.
SHA256: 0cb39edbc66388a3315b84e0aa9f95b9e58ce4aab3e3e188ba0537694956afbc.
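
A mail gateway can catch this campaign without relying on AV signatures by looking at the subject shape and at what the ZIP contains. The following is an added example, not code from MX Lab: the blocked extension list, the size limit, the attachment file name `Order.zip` and the sample message built by `build_sample()` are assumptions constructed for illustration.

```python
import hashlib, io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject shapes quoted in the post: "order #852-9045074-5639529", "order ID801-7322179-4122684"
SUBJECT_RE = re.compile(r"order\s*(?:#|ID)\s*\d{3}-\d{7}-\d{7}", re.I)
EXEC_EXT = (".exe", ".scr", ".com", ".pif")  # assumption: extensions to block
# Hash published in the post; it does not say whether it covers the ZIP or the EXE,
# so both the attachment and each executable member are compared against it.
KNOWN_SHA256 = {"0cb39edbc66388a3315b84e0aa9f95b9e58ce4aab3e3e188ba0537694956afbc"}
MAX_MEMBER = 10_000_000  # assumption: do not unpack huge members (zip bombs)

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def scan_message(raw: bytes) -> list:
    """Return human-readable findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    if SUBJECT_RE.search(msg["Subject"] or ""):
        findings.append("subject matches fake order pattern")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        if sha256(data) in KNOWN_SHA256:
            findings.append("known-bad SHA-256: attachment")
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.filename.lower().endswith(EXEC_EXT):
                    continue
                findings.append(f"executable in archive: {info.filename}")
                encrypted = info.flag_bits & 0x1  # encrypted members cannot be read
                if not encrypted and info.file_size <= MAX_MEMBER:
                    if sha256(zf.read(info)) in KNOWN_SHA256:
                        findings.append(f"known-bad SHA-256: {info.filename}")
    return findings

def build_sample() -> bytes:
    """Constructed message; placeholder bytes stand in for the real EXE."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Order details.exe", b"placeholder, not an executable")
    m = EmailMessage()
    m["From"] = '"AMAZON.CO.UK" <SALES@AMAZON.CO.UK>'
    m["Subject"] = "order #852-9045074-5639529"
    m.set_content("Order details and invoice in attached file.")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="Order.zip")
    return m.as_bytes()
```
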

3 thoughts on “Amazon order details email with attached Order contains trojan”

  1. In a rush and expecting an email from Amazon, I opened the file. Soon as I did I realized something was wrong as it sat there working but not going anywhere. I stopped the opening.

    What does this trojan affect? I do know that suddenly the ultrabook I opened it with can now no longer open a browser, while a notebook sitting next to it, can. Email no longer works either. Modem/router shows to be online and is evidenced by the second machine browsing and pulling email just fine.

  2. Hey there! I could have sworn I’ve been to this blog before but after checking through some of the post I realized it’s new to me. Nonetheless, I’m definitely glad I found it and I’ll be bookmarking and checking back often!

  3. Stupid me I open this email and click on the zip file :( I did it from my iPhone and nothing opened up, am I ok? If I connect to my laptop (MacBook) could it transfer? I never open those things but I had just given my account info to my hubby and thought he ordered something.
