Thursday, September 20, 2012

Did You Order HDTV from Amazon? - Yes | No, Phishers Targeting Amazon Brand!

The concept is the same, and so is the attack. This time the attackers are using the Amazon brand to spread infections on the Internet. The phishing email is drafted really well and shows that an order of one product (HDTV) has been processed. The email looks as follows:


The browser is redirected to the web page showing the notification as follows:

The script looks as shown below:


The deobfuscation results in the following code.



Again, the iframe loads content from a third-party domain hosting a Browser Exploit Pack (BEP). Interestingly, we received a number of these emails within a span of time. Every new phishing email has a new embedded URL, as follows:

hxxp://shuraki.com/wp-admin/hdtvamazon.html [WordPress]
hxxp://swishmedia.ca/clients/amazinhdtv.html [Generic]
hxxp://tainguyenso.com/admincp/amazinhdtv.html [vBulletin]

These emails look very genuine and authentic. It is highly advisable to be paranoid and think twice before interacting with these emails.
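A triage check a mail filter could run on the links in such a message, given here as an added Python example (not code from the original post): it flags links whose host is not the brand the email claims, and static pages placed inside a CMS admin directory, as two of the three URLs above are. The function name, the `ADMIN_DIRS` table and the sample message text are constructed for illustration; the defanged URLs are the ones listed above.

```python
import re
from urllib.parse import urlsplit

# Admin-only directories of common CMSs; both appear in the URLs listed above.
# A link in a customer email has no reason to point at a static page inside them.
ADMIN_DIRS = {"wp-admin": "WordPress", "admincp": "vBulletin"}
URL_RE = re.compile(r"\bh(?:tt|xx)ps?://[^\s\"'<>\]]+", re.IGNORECASE)

# Constructed sample message body (defanged URLs taken from the list above).
SAMPLE_BODY = (
    "Your order of one HDTV has been processed.\n"
    "Order details: hxxp://shuraki.com/wp-admin/hdtvamazon.html\n"
    "Invoice: hxxp://swishmedia.ca/clients/amazinhdtv.html\n"
    "Cancel order: hxxp://tainguyenso.com/admincp/amazinhdtv.html\n"
    "Your account: https://www.amazon.com/gp/css/order-history\n"
)


def triage_links(body, claimed_brand_domain):
    """Return one finding per link in `body`, with the reasons it looks suspicious."""
    findings = []
    for raw in URL_RE.findall(body):
        # Refang hxxp:// to http:// so the URL can be parsed; it is never fetched.
        parts = urlsplit(re.sub(r"^hxxp", "http", raw, flags=re.IGNORECASE))
        host = (parts.hostname or "").lower()
        segments = [s for s in parts.path.lower().split("/") if s]
        reasons = []
        # 1. The link host is not the brand the email claims to come from.
        if host != claimed_brand_domain and not host.endswith("." + claimed_brand_domain):
            reasons.append("host does not belong to " + claimed_brand_domain)
        # 2. A static HTML page sitting inside a CMS admin directory.
        for seg in segments[:-1]:
            if seg in ADMIN_DIRS and segments[-1].endswith((".html", ".htm")):
                reasons.append("static page under %s admin dir /%s/" % (ADMIN_DIRS[seg], seg))
        findings.append({"url": raw, "host": host, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage_links(SAMPLE_BODY, "amazon.com"):
        print(finding["url"], "->", finding["reasons"] or "no findings")
```

The `/clients/` URL trips only the host check, which is why the admin-directory rule is useful as a second signal and not as the only one.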