{"id":72711,"date":"2010-12-17T06:03:23","date_gmt":"2010-12-17T06:03:23","guid":{"rendered":"https:\/\/localhost\/wordpress\/?p=72711"},"modified":"2010-12-17T06:03:23","modified_gmt":"2010-12-17T06:03:23","slug":"fake-amazon-shipping-update-email-spreads-malware","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/fake-amazon-shipping-update-email-spreads-malware\/","title":{"rendered":"Fake Amazon shipping update email spreads malware."},"content":{"rendered":"<p>Are you waiting for a delivery from Amazon.com? Then be careful\u2026<br \/>\nIf you receive the notification below in your email, it could be that hackers are trying to trick you into infecting your computer.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/amazon.JPG\" alt=\"\" width=\"498\" height=\"614\" \/><\/p>\n<p>When we click on <strong>\u201cShop Now &amp; Save\u201d<\/strong>, it downloads a file in ZIP format, which contains the malicious file.<\/p>\n<p>The download location of the file is below:<\/p>\n<p>https:\/\/marc.info\/?l=phpdoc&#038;m=124294161207621&#038;q=p3<\/p>\n<p>This script contains additional URLs, from which it downloads and executes additional malware on the affected machine. 
The data identified by the above URL was then requested from the remote web server.<\/p>\n<p>https:\/\/{xxxx}dnl.com\/6-40\/l\/a\/laabaa\/tdl.exe<br \/>\nhttps:\/\/www.{xxxx}btown.com\/laabaa\/tdl.exe<\/p>\n<p>More information about the remote host server:<\/p>\n<p>Domain : &#8211; MARC.INFO<br \/>\nPerson : &#8211; Private Person<br \/>\nCreated : &#8211; 2002.07.13<br \/>\nIP Country : &#8211; US<br \/>\nIP Address : &#8211; 70.89.85.151 , 173.79.223.25<\/p>\n<p>If you have received an email like the one above, please don&#8217;t open the attached ZIP file, as it contains malware.<br \/>\nQuick Heal detects it as &#8220;Trojan.Agent.cifa&#8221;.<\/p>\n<p>Thanks Mahesh.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Are you waiting for a delivery from Amazon.com? Then be careful\u2026 If you receive the notification below in your email, it could be that hackers are trying to trick you into infecting your computer. When we click on \u201cShop Now &amp; Save\u201d, it downloads a file in ZIP format, which contains the malicious 
[&hellip;]<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-72711","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72711"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=72711"}],"version-history":[{"count":0,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72711\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=72711"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=72711"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=72711"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}