New Javascript malware: Your Amazon.co.uk order has dispatched contains ransomware Locky


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “Your Amazon.co.uk order has dispatched (#583-6989419-8889556)”.

This email is send from the spoofed address “”Amazon.com” <auto-shipping@amazon.com>” and has no body content in the email. It is clear that this fake email doesn’t originate from Amazon directly.

The attached file invoice84576872.doc is a Word file with malicious macro.
The attached file ORDER-583-6989419-8889556.zip contains the file 4775327493_4421613.js.

The malware is detected as Trojan.Ransom-Locky!8.4655-fi21vws43hB (Cloud) by 3/56 AV engines at Virus Total.

One thought on “New Javascript malware: Your Amazon.co.uk order has dispatched contains ransomware Locky

  1. Hi, I got this one yesterday–subject line:
    Your Amazon.com order has dispatched (#768-5242654-8265193)
    attachment:
    ORDER-768-5242654-8265193 dot docm (70.4KB)
    Pretty sure this is a “ransom” virus. Not expecting any orders and this email came to an email address that Amazon doesn’t have for me.
    Please let me know if this is a virus also.
    Thank you,
    Herman Wolff

Comments are closed.