The email message below with the subject: "Your Amazon.co.uk order} 837-1171095-3201918," has malicious Microsoft Word document attached to it that will infect your Windows computer if you open it. The message was not sent by Amazon and was designed to trick the recipients into opening the malicious attachment, disguised as an invoice. So, if you receive the same email message, please do not attempt to open the attachment.
The Virus Email Message
From: AMAZON.CO.UK [order @amazon.co.uk]
Date: 13 October 2014 08:32
Subject: Your Amazon.co.uk order} 837-1171095-3201918
Hello,
Thanks for your order. We’ll let you know once your item(s) have dispatched.You can view the status of your order or make changes to it by visiting Your Orders on Amazon.co.uk.
Order Details
Order #837-1171095-3201918 Placed on October 11, 2014
Order details and invoice in attached file.
Need to make changes to your order? Visit our Help page for more information and video guides.
We hope to see you again soon. Amazon.co.uk
The email message contains a Microsoft Word document with a name of random numbers. The document contains a set of Macro instructions that will download a malicious file from the following website:
- weststarradio.co.uk/js/1.bin.exe
The malicious Microsoft Word document is dangerous to you if you open it and enable "Macros".
The website weststarradio.co.uk may have been compromised and the malicious file 1.bin.exe placed on it.
We found the following threats after scanning the malicious file:
- MSIL5.VYV
- Trojan/Win32.Inject
- MSIL:GenMalicious-AUO [Trj]
- Trojan.PWS.Panda.5676
- Backdoor.Androm 20141015
- Spyware.ZeuS.Dyn
- BehavesLike.Win32.Backdoor.dh 20141015
- Troj/Msil-ANY
The cybercriminals behind these malicious email messages aims are to trick the curious recipients into opening the malicious attachment, which will infect their computers with a virus or Trojan horse.
Once your computer has become infected with this malicious Trojan horse, the cybercriminals behind this email message will be able to access and take control of your computer remotely from anywhere around the world. They may spy on you, use your computer to commit cybercrimes, or steal your personal and financial information.
Now, if you have already opened the malicious attachment, please do a full scan of your computer with the antivirus software installed on it. The name of the attachment may change, so be careful when opening email attachments.
If you don’t have antivirus software installed on your computer, please click here for a list of free antivirus software.
Click here for a list of email attachments you should never open, regardless of where they came from.
For a list of other virus email messages, please click here.
This virus email message is related to the following: