We want to inform you of two different email messages we’ve been receiving lately in the lab in order to distribute malware designed to steal information.

One of them seems to have been sent by Amazon and informs you that they have received your payment and your order has been already sent. In order to check your tracking number, have a look at the attached document.

These messages have the following characteristics:

  • Subject:
    Amazon Shop!
    Your order has been paid! Parcel NR.XXXX (XXXX are random digits)
  • Message:
    The content of the message is always the same, except for the item that has been ordered. We’ve detected emails using the following gadgets among many others: Sony VAIO VGC-JS230J, Apple iPhone 3G and Nokia E65.

    The following is an example:
    Hi!  Thank you for shopping at Amazon.com We have successfully received your payment.  Your order has been shipped to your billing address.   You have ordered ” Sony VAIO VGC-JS230J “  You can find your tracking number in attached to the e-mail  document.   Print the postal label to get your package.   We hope you enjoy your order! Amazon.com

  • Attachment: Postal_package_NRXXX.zip (XXX stands for random digits)

The attached file contains a copy of the malware, which has been detected as Sinowal.WVI.

The other type of emails uses a very typical bait to trick users: greeting cards. We’ve received nearly 5,000 messages in the last three days.

The  message is simple: someone has sent you a greeting card and to view it, you have to click the link included in the message.

If you follow the link, your computer will be infected by malware that is designed to obtain confidential information.

The message is like the following:

greeting_card_en

As you can see, there is a spelling mistake at the end of the message: instead of “available”, it says “aviailable”. This is one of the typical clues that can help you to distinguish between a real message and a fake one.

Be careful with these types of messages and if you receive a message like any of these mentioned above,  ignore it.