ADVERTISEMENT

SUPEREGO

Warning: Fake Amazon Emails Redirect Users to Malware-Serving Sites

Gallery Icon

bill-swift - June 24, 2012

Email scams are pretty easy to pick out and identify. As far as scams go, they're pretty transparent in the sense that they don't always get your information right. For example, if you get notifications from Classmates.com and it's addressed to someone else, then that's probably not yours. Or it's a scam, through and through.

That in itself as a huge warning sign, so if the alarms ring, it's time to hit the 'Spam' button and delete that message. More emails of this kind are currently on the loose, like these emails purportedly from Amazon.com that will redirect users to malicious and compromised websites.

Experts from security firm GFI have come across these emails, reporting that they're usually sent out with a subject that reads: "Your Amazon.com order confirmation" from a sender named Amazon.com. Yes, that's right; "Amazon.com" is the sender name, not the address.

The spammers behind this scam aren't so bright, however, as they've addressed the emails to multiple recipients. No online store does that, and especially not retailing giant Amazon.

All links in the email body, apart from the linked email address, lead users to the same HTML page that are hosted on various legitimate but compromised WordPress domains.

If JavaScript is disabled, the browser will prompt them to allow the program to run in the background. If enabled, the hidden and obfuscated iframe code is executed without a problem.

-- Jovi Umawing, security expert at GFI

The compromised URLs contain the Blackhole exploit code, which grants cyber criminals access to your computer remotely so they can get your information, steal your stuff, and maybe even turn your machine into a botnet.

So here's what you should do: install an anti-virus program if you haven't already, keep it updated, and do a check on all your current software, especially those from Adobe, to make sure they're all patched up and up-to-date.

Tagged in: gear ,



Comments
Disclaimer: All rights reserved for writing and editorial content. No rights or credit claimed for any images featured on egotastic.com unless stated. If you own rights to any of the images because YOU ARE THE PHOTOGRAPHER and do not wish them to appear here, please contact us info(@)egotastic.com and they will be promptly removed. If you are a representative of the photographer, provide signed documentation in your query that you are acting on that individual's legal copyright holder status.



>