Attackers Sent Out Trojan Emails on Behalf of Amazon - BestCyberNews: Online News Presenter in the present world

BestCyberNews: Online News Presenter in the present world

Start knowing

test banner


Attackers Sent Out Trojan Emails on Behalf of Amazon

The mass mailing is one of the favorite ways criminals distribute malware. On June 26-27, 2014, Doctor Web's security researchers registered a large bulk of emails containing a dangerous Trojan. These emails were ostensibly sent by Amazon.

Since June 26, many users have been receiving fake, new order notifications, supposedly from this very well-known Internet company. The messages invite users to open an invoice attachment to access the details of their order. The message is written in English, and the text is the same in all currently known incidents. Only the order date and number vary:
Thank you for your order. We’ll let you know once your item(s) have dispatched. You can view the status of your order or make changes to it by visiting Your Orders on
The ZIP archive attached to the email contains the executable of BackDoor.Tishop.122 malware. Virus makers call this program Smoke Loader. This Trojan is designed to download other malicious applications onto an infected computer, and thus, systems lacking antivirus protection can be turned into bona fide malware menageries. 

After its launchBackDoor.Tishop.122 scans the environment for the presence of a "sandbox" or virtual machine, copies itself into a folder on the hard disk, adds its entry into the autorun section of the Windows Registry, and injects its code into a number of system processes. If the machine is connected to the Internet, the Trojan will attempt to download other malicious programs and run them on the infected computer.

Doctor Web urges users to exercise caution. Do not open email attachments from unknown senders, and do not try to view attached documents containing order information, unless you have actually ordered something in an online store. Such messages should be deleted immediately upon receipt. Dr.Web software successfully detectsBackDoor.Tishop.122, so the Trojan poses no threat to systems protected with Doctor Web anti-viruses.

Doctor Web is the Russian developer of Dr.Web anti-virus software. We have been developing our products since 1992. The company is a key player on the Russian market for software that meets the fundamental need of any business — information security.