Fake order confirmation “Order Details” from Amazon contains trojan

MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Order Details”.

This email is sent from the spoofed address “Amazon.co.uk ” and has the following body:

Good evening,
Thank you for your order. We’ll let you know once your item(s) have dispatched.You can view the status of your order or make changes to it by visiting Your Orders on Amazon.co.uk.
Order Details
Order R:131216 Placed on October 09, 2014

Order details and invoice in attached file.

Need to make changes to your order? Visit our Help page for more information and video guides.

We hope to see you again soon. Amazon.co.uk

The 532 kB malicious file is not present in a ZIP file but attached directly and has the name order_report_72364872364872364872364872368.exe (numbers may vary).

The trojan is known as Trojan.MSIL.BVXGen, BehavesLike.Win32.Dropper.qh or Win32.Trojan.Inject.Auto.

At the time of writing, 3 of the 53 AV engines at Virus Total detected the trojan.

Use the Virus Total permalink for more detailed information.
SHA256: 17de4b7fab716f6c87b5d3c941ecb5f5b01d5e4980cff71c88451acc90b22bb0
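
The indicators described above (subject, directly attached executable, file name pattern and SHA256) can be checked at the mail gateway. The following is an added example, not code from MX Lab: the function names, the sender and recipient addresses and the placeholder payload are constructed for illustration, and the "MZ" magic-byte check is an extra assumption that catches a renamed executable.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the advisory text.
SUBJECT = "Order Details"
NAME_RE = re.compile(r"^order_report_\d+\.exe$", re.IGNORECASE)  # numbers may vary
KNOWN_SHA256 = "17de4b7fab716f6c87b5d3c941ecb5f5b01d5e4980cff71c88451acc90b22bb0"


def check_message(raw: bytes) -> list:
    """Return the reasons a raw RFC 5322 message matches this campaign."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if (msg["Subject"] or "").strip() == SUBJECT:
        reasons.append("subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if NAME_RE.match(name):
            reasons.append("filename:" + name)
        # Assumption: PE files start with the DOS "MZ" magic, whatever the name says.
        if payload[:2] == b"MZ":
            reasons.append("pe-attachment")
        if hashlib.sha256(payload).hexdigest() == KNOWN_SHA256:
            reasons.append("sha256")
    return reasons


def build_sample(filename: str, payload: bytes, subject: str = SUBJECT) -> bytes:
    """Constructed test message; the payload is harmless placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content("Order details and invoice in attached file.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    sample = build_sample("order_report_72364872364872364872364872368.exe",
                          b"MZ" + b"\x00" * 62)
    print(check_message(sample))
```

The subject alone is a weak signal because it also appears in legitimate order mail; treat it as supporting evidence next to the attachment checks.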
