Fake Amazon shipping update email spreads malware.

Are you waiting for a delivery from Amazon.com? Then be careful….
If you receive a below notification in your email, as it could be that hackers are trying to trick you into infecting your computer.

When we click on “Shop Now & Save”, it downloads the file in a zip format, which contain the malicious file.

The download location of the file is below,

https://marc.info/?l=phpdoc&m=124294161207621&q=p3

This script contains additional urls. From where it downloads and executes additional malwares on the affected machine. The data identified by the above URL was then requested from the remote web server.

https://{xxxx}dnl.com/6-40/l/a/laabaa/tdl.exe
https://www.{xxxx}btown.com/laabaa/tdl.exe

More information about remote host server.

Domain : – MARC.INFO
Person : – Private Person
Created : – 2002.07.13
IP Country : – US
IP Address : – 70.89.85.151 , 173.79.223.25

If you received the email as above please don’t open the attached ZIP file as it contains malware.
Quick Heal detects it as “Trojan.Agent.cifa” .

Thanks Mahesh.