
Fake "Request Approved" Comprafacil Email Contains Link to Malware

2014-09-05T17:02:49

The email message below, with the subject "Request Approved" or "Pedido Aprovado", is fake and contains a link to malware located on Google Docs. The email message was not sent by Comprafacil, although it appears to have been sent from their email address. Please do not open the email, click on the link, or download the malicious file.


Comprafacil.com or Comprafacil.com.br is one of the top three e-commerce websites in Brazil.

The Fake Comprafacil Email

Subject: Pedido Aprovado
Date: Mon, 24 Jun 2013 01:38:19 -0300
From: Comprafacil @comprafacil.com

Prezado(a) Cliente,

Gostariamos de informar que o debito em seu cartao de credito foi efetuado e o pagamento ja foi confirmado. Sua mercadoria ja esta em transporte.

Lembramos que para facilitar o recebimento, e necessario que haja alguem autorizado no local da entrega.

Previsao de entrega:

28/06/2013.

Para acompanhar seu pedido, por favor acesse o link abaixo:

www.comprafacil.com/pedido.asp?pedido4782=sp?confirmada

Atenciosamente, SAC - www.comprafacil.com

Translated into English:

Subject: Request Approved
Date: Mon, 24 Jun 2013 01:38:19 -0300
From: Comprafacil @comprafacil.com

Dear Customer,

We would like to inform you that the debit on your credit card has been made and the payment has already been confirmed. Your merchandise is already in transit.

Remember that, to facilitate receipt, someone authorized must be present at the delivery location.

Estimated delivery:
28/06/2013.

To track your order, please visit the link below:

www.comprafacil.com/pedido.asp?pedido4782=sp?confirmada

Sincerely, SAC - www.comprafacil.com

Although the link in the email message appears to go to the website www.comprafacil.com at the following location, it does not:

  • http://www.comprafacil.com/pedido.asp? pedido 4782=sp?confirmada

The link actually goes to the web page Cliente.html on the website sustente.org .br, located at the following web address:

  • http://sustente.org .br/clientes/cliente02 /Cliente.html

The Cliente.html web page then downloads the malicious file from the Google Docs website at the following location, where the malicious file is stored:

  • https://docs.google.com/ uc?id=0BzlAOijoJXwTMj VYNy1a WXRHTU0&export=download

The name of the malicious file is "pedido4782=spconfirmada.com".

Do not open this malicious file just because you have antivirus software installed: only seven antivirus programs were able to detect this malicious program.

Also, please remember that the name of this malicious file may change.

The following shows the list of antivirus software and the threat they detected when they scanned the file: "pedido4782=spconfirmada.com".

File name: pedido4782=spconfirmada.com
Analysis date: 2013-06-24 10:21:05 UTC

Threat:

  • AntiVir TR/Symmi.20860.10
  • BitDefender Gen:Variant.Symmi.18194
  • Emsisoft Gen:Variant.Symmi.18194 (B) 20130624
  • F-Secure Gen:Variant.Symmi.18194 20130624
  • GData Gen:Variant.Symmi.18194
  • McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.K
  • TrendMicro-HouseCall TROJ_GEN.F47V0624

If you receive the malicious email message, please delete it and warn your friends and family about it.

If you have already downloaded and opened this file, please download and install the free version of one of the antivirus programs below:

  • BitDefender
  • Avira

Use the antivirus software to do a full scan of your computer.
