- May 7, 2016
- 1,311
A new ransomware attack targeting Amazon users has been detected, using a spoofed sender address. Ironically, the campaign has surfaced just as new survey numbers show that most consumers are clueless about ransomware and what to do about it.
Comodo Threat Research Labs said in an alert that a rash of phishing emails have been sent to users supposedly originating from Amazon.com— with the sender email reading “auto-shipping@amazon.com.” Reportedly, there is no body to the email, but the subject is “Your Amazon.com order has dispatched (#code).” The components that do the damage are the attachments, which are included as Microsoft Word documents.
“This latest attack only increases the call to action to strengthen security measures,” the researchers said. “Cybercriminals adapt to attempts to block them, constantly creating new and more insidious strains of malware.”
When the documents were analyzed, it was determined there was no copy, only macro codes. Unsuspecting recipients are prompted to enable the contents of the documents so that the macro codes are then executed. This allows an executable file to be downloaded and to run.
That file is—you guessed it—actually ransomware.
Read More:Ransomware Targets Amazon Users, Though They're Likely Clueless
Comodo Threat Research Labs said in an alert that a rash of phishing emails have been sent to users supposedly originating from Amazon.com— with the sender email reading “auto-shipping@amazon.com.” Reportedly, there is no body to the email, but the subject is “Your Amazon.com order has dispatched (#code).” The components that do the damage are the attachments, which are included as Microsoft Word documents.
“This latest attack only increases the call to action to strengthen security measures,” the researchers said. “Cybercriminals adapt to attempts to block them, constantly creating new and more insidious strains of malware.”
When the documents were analyzed, it was determined there was no copy, only macro codes. Unsuspecting recipients are prompted to enable the contents of the documents so that the macro codes are then executed. This allows an executable file to be downloaded and to run.
That file is—you guessed it—actually ransomware.
Read More:Ransomware Targets Amazon Users, Though They're Likely Clueless
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}