New Malware Spam Thanks You for Purchasing and Shopping with Them

If you find this useful please share it!

  • New Malware Spam Thanks You for Purchasing and Shopping with Them

In the last 24 hours some malicious agent has sent out a massive spam run with a malware payload behind a link to “open your invoice”, “download details” or “open your payment details”. The emails seem to come from senders such as admin@rodridersracing.com, jesmond.zammit@sis.com.mt, reservas@golfplazaresort.com, info@indyatour.com, info@renotahoewintergames.org and info@villapoggetto.it, and the text is all very gappy.

The one thing that they all have in common is that if you hover over the link (do not click it!) they actually go to a malware file being hosted on Dropbox (we are attempting to contact Dropbox to alert them as we are writing this).

dropbox spam

 

The general gist of the text in each one (provided here without the gaps, for ease of reading) is “Thanks for shopping with our company today! Your purchase will be processed shortly” or “Thank you for purchasing with us now! Your order is on process at present.”

How this really looked (the gappy version) was something like this:

 

“T han ks for sho pping w ith our comp an y to day! Your purch ase will be processed shortly.”

Spammers put the gaps in there in the hopes that it will help their email to get around certain spam filters.

So, whatever you do, do not fall for this! If you have already clicked on the link in such an email, you should take the following steps:

1. Determine to where your browser downloaded the zip file, and immediately delete it. Hopefully your system isn’t set to automatically unzip any zip files you download, but if it is, look for the unzipped files as well.

We know you're sick of ads on websites. But we still need to pay to keep the lights on for you. So instead of huge ads and video ads, we use smaller, plainer ads. Still, if you'd like to support the Internet Patrol but not the ads, please consider supporting us here:
Donate via Paypal
Other Amount:
What info brought you here today? (Optional):

2. Run your antivirus software (make sure it’s up to date).

3. Repeat 3 times: I will never click on a link sent to me in email again.

Here are some samples of this particular spam run:

From: info@indyatour.com

Thank you for purchas ing with us now! Your order is on process at present.

(Article continues below)
Get notified of new Internet Patrol articles for free!
Or Read Internet Patrol Articles Right in Your Inbox!
as Soon as They are Published! Only $1 a Month!

Imagine being able to read full articles right in your email, or on your phone, without ever having to click through to the website unless you want to! Just $1 a month and you can cancel at any time!
New Malware Spam Thanks You for Purchasing and Shopping with Them

BIL LING DETAI LS

Purc hase Numb er: GAX547266177
Orde r Date: 7.08 2.10.2014
Pur chaser Em ail: info@dadsrights.org

Or der Total: 4398 US D

Get the inv o ice

Plea se hi t the link provided at the top to view mo re info about this issue.
Begin forwarded message:


From: info@indyatour.com

Thank you for purchas ing with us now! Your order is on process at present.

BIL LING DETAI LS

Purc hase Numb er: GAX547266177
Orde r Date: 7.08 2.10.2014
Pur chaser Em ail: info@dadsrights.org

Or der Total: 4398 US D

Get the inv o ice

Plea se hi t the link provided at the top to view mo re info about this issue.


From: info@renotahoewintergames.org

Th an ks for shopping with us now! Your order is on process at present.

BILLING INFO

Purch ase Nu mber: JUY841590397
Pu rchase Date: 11:23 2-Oct-2014
Purchas er Email : info@dadsrights.org

Amount: 4040 US D ollars

Open your pay ment det ails

Please visit the link provided at the top to s ee more info about this issue.


From: info@renotahoewintergames.org

Th an ks for shopping with us now! Your order is on process at present.

BILLING INFO

Purch ase Nu mber: JUY841590397
Pu rchase Date: 11:23 2-Oct-2014
Purchas er Email : info@dadsrights.org

Amount: 4040 US D ollars

Open your pay ment det ails

Please visit the link provided at the top to s ee more info about this issue.


From: info@villapoggetto.it

Thank you f or sh opping with us today! Your purch ase wi ll be pro cessed shortly.

BILLIN G INFORMATION

Order Num ber: EJB865157539
Purchase Date: 11:39 30-Sep-2014
Customer Email: info@dadsrights.org

Amount: 6911 US Dollars

Download the receipt

Please click the link given above to have more info about this issue.


From: info@villapoggetto.it

Thank you f or sh opping with us today! Your purch ase wi ll be pro cessed shortly.

BILLIN G INFORMATION

Order Num ber: EJB865157539
Purchase Date: 11:39 30-Sep-2014
Customer Email: info@dadsrights.org

Amount: 6911 US Dollars

Download the receipt

Please click the link given above to have more info about this issue.

  
No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free? Thank you!

New Malware Spam Thanks You for Purchasing and Shopping with Them

Get notified of new Internet Patrol articles!
People also searched for 48 hours due to exceptionally high traffic on the ethereum network kinguin, Thank you for reading our email spam messages, thank you for purchasing scam, thank you for purchasing life after google scam, thank you customer for shopping with us Our company values scam, text message reads thank you for you order scam?, scam mens warehouse thank you for purchase, joe morris e-mail thank you for domino\s order scam, email spam thanks for reading our email, thank you for your purchase on kinguin net your order is processing and it may take up to 48 hours due to exceptionally high traffic on the ethereum network all information about the correct wallet address to transfer krowns will be delivered to your emai

If you find this useful please share it!

  • New Malware Spam Thanks You for Purchasing and Shopping with Them

4 Replies to “New Malware Spam Thanks You for Purchasing and Shopping with Them”

  1. A new article in Pro Publica, an online investigative journal, reports that a tracking cookie — they call a “zombie cookie” that cannot be killed — that is used by by Facebook, Google, and “everyone else” by an advertising company called Turn. It, as a
    tracking cookie cannot be deleted by Verizon. This is worthy of comment and alarm. JSL

  2. john@islandiapools.com
    To
    Me
    Jun 27
    Thank you for purchasing with our company now! Your purchase is processing right now. You will get additional information via a separate email.

    BILLING DETAILS

    Purchase Number: E151828823
    Purchase Date: 7:3806272014

    Payment Method: VISA
    Outright Purchase: 6412 USD

    Please check the HTML file given below to have more information about this issue.

  3. Here’s the one that I got.

    from: hend@abmarshipping.com

    ?

    Thanks for placing order with us today! Your purchase will be processed shortly.

    Amount: 6055 USD

    Please click the link given above to see more details about this issue.

    Download your invoice

    When I mouse over the link for “Download your invoice” it indeed points to a file being hosted on dropbox. Thank you for posting your research. It is a big help.

  4. I get Spam from a number of place that I would consider to reputable companies–such as CVS Pharmacy — but I find that I get three or more per day, often on the same page or another following page, but the sender will often have an address very much like “info@dadsrights.com” and each of the two or three will have a different sender– although are sometimes adjacent to each other on the same page. I can get one hundred or more pieces of spam per day. (I have no connection to social media and I have never bought anything online.) I wish this could be explained in depth.

Leave a Reply

Your email address will not be published. Required fields are marked *