Your order has been paid! Parcel NR.5748
From what I can see, variations of the Bredolab virus keep on coming. I’ve already written two articles about suspicious e-mails that I’ve received. Those mails contained a virus that wasn’t detected by my antivirus software (Microsoft Security Essentials).
Both mails came from a spoofed ups.com domain. This time, we have a spoofed amazon.com domain, so be careful.
I received this suspicious mail this morning and I am sure that it contains a virus, probably another variant of the Bredolab trojan. The problem is that this variant still isn’t recognized by some of the most popular antivirus applications like Microsoft Security Essentials, Avast, NOD32, Panda, Kaspersky etc. According to virustotal.com, only 20% of tested antivirus applications managed to detect the threat, including Sophos, Symantec, Trend Micro etc.
Here are the contents of this mail:
From: Shop Support Dolly Davison [support.shop@amazon.com]
Subject: Your order has been paid! Parcel NR.5748 (Note: it can contain different numbers as those are generated randomly)
Attachment: Print_label_6387.zip (contains Print_label_6387.exe)
Body:
Hello!
Thank you for shopping at Amazon.com
We have successfully received your payment.
Your order has been shipped to your billing address.
You have ordered ” Dell Inspiron Mini 1011 “
You can find your tracking number in attached to the e-mail document.
Print the postal label to get your package.
We hope you enjoy your order!
Amazon.com
————————–
I have reported the suspicious file to Microsoft and will update this article once I get results.
UPDATE: Microsoft confirmed that this is another variant of Trojan:Win32/Oficla.M. Please update your virus definitions so you can be fully protected.
More information HERE.
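A mail-gateway style check for the two indicators visible in the message above (the parcel subject line and a .zip attachment that holds an .exe), as an added example that is not part of the original post. The function names, the extension list and the sample message are constructed for illustration, and the sample attachment contains inert text only.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs on double-click (illustrative, not exhaustive).
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")
# Subject shape quoted in the article; the digits vary per message.
SUBJECT_RE = re.compile(r"Your order has been paid! Parcel NR\.?\s*\d+", re.I)


def inspect_message(raw: bytes) -> list[str]:
    """Return human-readable findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        findings.append("subject matches parcel lure")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXECUTABLE_EXT):
            findings.append(f"executable attachment: {name}")
        elif name.endswith(".zip"):
            try:
                members = zipfile.ZipFile(io.BytesIO(part.get_content())).namelist()
            except zipfile.BadZipFile:
                findings.append(f"unreadable archive: {name}")
                continue
            for member in members:
                if member.lower().endswith(EXECUTABLE_EXT):
                    findings.append(f"executable inside {name}: {member}")
    return findings


def build_sample() -> bytes:
    """Constructed sample mirroring the headers above; payload is inert text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Print_label_6387.exe", b"inert placeholder, not a program")
    msg = EmailMessage()
    msg["From"] = "Shop Support Dolly Davison <support.shop@amazon.com>"
    msg["Subject"] = "Your order has been paid! Parcel NR.5748"
    msg.set_content("Print the postal label to get your package.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Print_label_6387.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print("\n".join(inspect_message(build_sample())))
```

The check does not depend on antivirus signatures, so it still fires on a variant that scanners do not yet recognize; the From header is not used as evidence because, as the spoofed amazon.com address shows, it is set by the sender.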
I just received an e-mail from cremationld7@reveo.com with the subject line “Your order has been paid! Parcel NR***”. I can’t remember the numbers after the NR, but I did not even bother to open the message. I don’t open any e-mails that I don’t recognize.