New Malware Spam Thanks You for Purchasing and Shopping with Them

In the last 24 hours some malicious agent has sent out a massive spam run with a malware payload behind a link to “open your invoice”, “download details” or “open your payment details”. The emails seem to come from senders such as admin@rodridersracing.com, jesmond.zammit@sis.com.mt, reservas@golfplazaresort.com, info@indyatour.com, info@renotahoewintergames.org and info@villapoggetto.it, and the text is all very gappy.

The one thing they all have in common is that if you hover over the link (do not click it!), it actually points to a malware file hosted on Dropbox (we are attempting to contact Dropbox to alert them as we write this).

The general gist of the text in each one (provided here without the gaps, for ease of reading) is “Thanks for shopping with our company today! Your purchase will be processed shortly” or “Thank you for purchasing with us now! Your order is on process at present.”

How this really looked (the gappy version) was something like this:

“T han ks for sho pping w ith our comp an y to day! Your purch ase will be processed shortly.”

Spammers put the gaps in there in the hopes that it will help their email to get around certain spam filters.
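A filter can undo the gap trick by comparing the text with and without its whitespace. The sketch below is an added example, not part of the original article or any particular spam filter. It flags lure phrases that only appear once the gaps are removed, and links whose label reads like an invoice but whose target is a file-sharing host. The phrase lists, the host list and the sample message are assumptions built from the samples in this article.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Wording taken from the samples quoted in this article.
LURES = ["thanks for shopping", "thank you for shopping", "thank you for purchasing",
         "your purchase will be processed", "your order is on process"]
LINK_WORDS = ["invoice", "payment details", "receipt"]
FILE_HOSTS = ("dropbox.com",)  # assumption: add other file-sharing hosts as needed

def squash(text):
    """Lower-case and keep letters only, so 'sho pping' equals 'shopping'."""
    return re.sub(r"[^a-z]", "", text.lower())

def gapped_lures(body):
    """Lure phrases that only show up once the whitespace is removed."""
    plain = " ".join(body.lower().split())
    flat = squash(body)
    return [p for p in LURES if squash(p) in flat and p not in plain]

class _Anchors(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def file_host_links(html):
    """(label, host) for anchors labelled like a bill but served from a file host."""
    parser = _Anchors()
    parser.feed(html)
    hits = [(label, (urlparse(href).hostname or "").lower()) for href, label in parser.links
            if any(squash(w) in squash(label) for w in LINK_WORDS)]
    return [(l, h) for l, h in hits
            if any(h == f or h.endswith("." + f) for f in FILE_HOSTS)]

# Constructed sample modelled on the messages above; the URL is a placeholder.
SAMPLE = ('<p>T han ks for sho pping w ith our comp an y to day! '
          'Your purch ase will be processed shortly.</p>'
          '<a href="https://www.dropbox.com/s/PLACEHOLDER/file.zip">Get the inv o ice</a>')
print(gapped_lures(SAMPLE), file_host_links(SAMPLE))
```

A phrase that matches with normal spacing is not reported by `gapped_lures`, so an ordinary receipt containing "Thanks for shopping" scores nothing on this signal alone.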

So, whatever you do, do not fall for this! If you have already clicked on the link in such an email, you should take the following steps:

1. Determine where your browser saved the downloaded zip file, and immediately delete it. Hopefully your system isn’t set to automatically unzip any zip files you download, but if it is, look for the unzipped files as well.

2. Run your antivirus software (make sure it’s up to date).

3. Repeat 3 times: I will never click on a link sent to me in email again.

Here are some samples of this particular spam run:

From: info@indyatour.com

Thank you for purchas ing with us now! Your order is on process at present.

BIL LING DETAI LS

Purc hase Numb er: GAX547266177
Orde r Date: 7.08 2.10.2014
Pur chaser Em ail: info@dadsrights.org

Or der Total: 4398 US D

Get the inv o ice

Plea se hi t the link provided at the top to view mo re info about this issue.

From: info@renotahoewintergames.org

Th an ks for shopping with us now! Your order is on process at present.

BILLING INFO

Purch ase Nu mber: JUY841590397
Pu rchase Date: 11:23 2-Oct-2014
Purchas er Email : info@dadsrights.org

Amount: 4040 US D ollars

Open your pay ment det ails

Please visit the link provided at the top to s ee more info about this issue.


From: info@villapoggetto.it

Thank you f or sh opping with us today! Your purch ase wi ll be pro cessed shortly.

BILLIN G INFORMATION

Order Num ber: EJB865157539
Purchase Date: 11:39 30-Sep-2014
Customer Email: info@dadsrights.org

Amount: 6911 US Dollars

Download the receipt

Please click the link given above to have more info about this issue.


4 Replies to “New Malware Spam Thanks You for Purchasing and Shopping with Them”

  1. A new article in Pro Publica, an online investigative journal, reports that a tracking cookie — they call a “zombie cookie” that cannot be killed — that is used by Facebook, Google, and “everyone else” by an advertising company called Turn. It, as a tracking cookie cannot be deleted by Verizon. This is worthy of comment and alarm. JSL

  2. john@islandiapools.com
    To
    Me
    Jun 27
    Thank you for purchasing with our company now! Your purchase is processing right now. You will get additional information via a separate email.

    BILLING DETAILS

    Purchase Number: E151828823
    Purchase Date: 7:3806272014

    Payment Method: VISA
    Outright Purchase: 6412 USD

    Please check the HTML file given below to have more information about this issue.

  3. Here’s the one that I got.

    from: hend@abmarshipping.com

    Thanks for placing order with us today! Your purchase will be processed shortly.

    Amount: 6055 USD

    Please click the link given above to see more details about this issue.

    Download your invoice

    When I mouse over the link for “Download your invoice” it indeed points to a file being hosted on dropbox. Thank you for posting your research. It is a big help.

  4. I get Spam from a number of places that I would consider to be reputable companies–such as CVS Pharmacy — but I find that I get three or more per day, often on the same page or another following page, but the sender will often have an address very much like “info@dadsrights.com” and each of the two or three will have a different sender– although they are sometimes adjacent to each other on the same page. I can get one hundred or more pieces of spam per day. (I have no connection to social media and I have never bought anything online.) I wish this could be explained in depth.
