Newegg Virus...

ITJunkie

Platinum Member
Apr 17, 2003
2,512
0
76
www.techange.com
Not sure if anyone has posted this yet but received a receipt for a purchase from Newegg today that was never made. Of course, it had the "receipt" supposedly in pdf form attached to the email. It's a virus as confirmed by Newegg Customer Support.
I have to admit that this is one of the more clever ones...the fvcking b@st@rds!! :|
 

RebateMonger

Elite Member
Dec 24, 2005
11,586
0
0
Thanks for the warning. I just got my Newegg "Receipt", for an order that I never placed.

Hopefully, my Exchange Server's AV took care of it. But I think I won't tempt fate by playing with that attachment.

The attachment is called "order_37679041.zip", although the email from "Newegg" says it's a .PDF. It's for a $2500 Sony VAIO computer.
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: RebateMonger
Thanks for the warning. I just got my Newegg "Receipt", for an order that I never placed.

Hopefully, my Exchange Server's AV took care of it. But I think I won't tempt fate by playing with that attachment.

The attachment is called "order_37679041.zip", although the email from "Newegg" says it's a .PDF. It's for a $2500 Sony VAIO computer.

Something like this?
 

RebateMonger

Elite Member
Dec 24, 2005
11,586
0
0
Originally posted by: n0cmonkey
Something like this?
Exactly. And I imagine that it WASN'T detected by my Exchange Antivirus, although I use eTrust, which the SANS.ORG note says is able to detect it.
 

ITJunkie

Platinum Member
Apr 17, 2003
2,512
0
76
www.techange.com
Originally posted by: RebateMonger
Originally posted by: n0cmonkey
Something like this?
Exactly. And I imagine that it WASN'T detected by my Exchange Antivirus, although I use eTrust, which the SANS.ORG note says is able to detect it.

I know...mine didn't catch it either but at least I was able to stop it before anyone did something with it :)
 

Parasitic

Diamond Member
Aug 17, 2002
4,000
2
0
I've gotten a couple of them, some marked as orders from Circuit City, Newegg, Buy.com, and Overstock?

Virus writers have become smarter.
 

pcgeek11

Lifer
Jun 12, 2005
22,418
5,019
136
I have never received a "receipt" from anyone in PDF format before...

pcgeek11
 

RebateMonger

Elite Member
Dec 24, 2005
11,586
0
0
Originally posted by: Parasitic
Virus writers have become smarter.
I recall a couple of emails over the years that tempted me to open them, and turned out to be malware. So far, I've resisted temptation, but some have been pretty clever and I wouldn't call somebody an idiot if he/she opened them up.

The scary thing about some (including this one) is that they've included new varieties of malware that weren't caught by up-to-date AntiVirus programs. You had to wait a day before the AV makers caught up.

This latest one has the following traits:
An ALMOST-literate cover letter. There are a couple of slips, but it's not bad. At least all the words are spelled properly.
An appeal to greed. Everybody likes getting free stuff.
An attachment in .ZIP format, which gets by most email filters.
A claimed .PDF format for the attachment, which most people consider "safe".
A .ZIP format, which is tougher to scan because of the embedded nature of the actual content.
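The traits listed above (a ZIP attachment that the cover text calls a PDF, and content that is harder to scan because it is nested inside the archive) are exactly what a mail-gateway check can key on. The Python below is an added example written for this page, not code from the thread, from Newegg or from any AV vendor; the two sample messages, the executable-extension list and the magic-byte table are constructed assumptions, and the attachment name and VAIO wording are only borrowed from the posts to make the sample resemble the message described.

```python
"""Added example (not from the thread): compare what a message's cover text
claims is attached with what is actually attached, then look inside ZIP
attachments for disguised executables without extracting them to disk."""
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions Windows will run on double-click (assumed starter list, extend as needed)
EXEC_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js", "lnk", "hta"}
# Leading bytes that reveal the real file type regardless of the file name
MAGIC = {b"MZ": "pe-executable", b"%PDF": "pdf", b"PK\x03\x04": "zip"}
# "receipt.pdf.exe" style names: a document extension followed by another one
DOUBLE_EXT = re.compile(r"\.(pdf|doc|docx|xls|xlsx|txt|jpg)\.[a-z0-9]{1,4}$")


def sniff(data: bytes) -> str:
    """Return the type implied by the magic bytes, or 'unknown'."""
    for sig, name in MAGIC.items():
        if data.startswith(sig):
            return name
    return "unknown"


def claimed_types(body: str) -> set:
    """File types the cover text promises, e.g. 'your receipt is attached in PDF form'."""
    return {m.lower() for m in re.findall(r"\b(pdf|doc|xls|zip)\b", body, re.I)}


def inspect_zip(label: str, data: bytes) -> list:
    """Check each ZIP member by name and by its first bytes; never writes to disk."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            low = name.lower()
            ext = low.rsplit(".", 1)[-1] if "." in low else ""
            if ext in EXEC_EXTS:
                findings.append(f"{label}: member {name} has executable extension .{ext}")
            if DOUBLE_EXT.search(low):
                findings.append(f"{label}: member {name} uses a double extension")
            if info.flag_bits & 0x1:  # encrypted member: the content cannot be scanned
                findings.append(f"{label}: member {name} is encrypted, content not scanned")
                continue
            # read only the header, so a huge member is not fully decompressed
            if sniff(zf.open(info).read(8)) == "pe-executable":
                findings.append(f"{label}: member {name} content is a PE executable")
    return findings


def inspect_message(raw: bytes) -> list:
    """Return human-readable findings; an empty list means nothing looked wrong."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body, findings, actual_types = "", [], set()
    for part in msg.walk():
        fname = part.get_filename()
        if fname is None:  # container or body text, not an attachment
            if part.get_content_type() == "text/plain":
                body += part.get_payload(decode=True).decode("utf-8", "replace")
            continue
        data = part.get_payload(decode=True)
        kind = sniff(data)
        actual_types.add(kind)
        ext = fname.lower().rsplit(".", 1)[-1] if "." in fname else ""
        if ext in EXEC_EXTS or kind == "pe-executable":
            findings.append(f"{fname}: attachment is an executable")
        if kind == "zip":
            findings.extend(inspect_zip(fname, data))
    if "pdf" in claimed_types(body) and "pdf" not in actual_types:
        findings.append(f"cover text claims a PDF but attached types are: {sorted(actual_types)}")
    return findings


def build_lookalike() -> bytes:
    """Constructed message resembling the one in the thread: the text promises a
    PDF receipt, the attachment is a ZIP holding a .pdf.exe with an MZ header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("order_37679041.pdf.exe", b"MZ" + b"\x00" * 62)  # fake PE stub, constructed
    msg = EmailMessage()
    msg["Subject"] = "Your Newegg order receipt"
    msg.set_content("Thank you for your order of a Sony VAIO. Your receipt is attached in PDF form.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="order_37679041.zip")
    return msg.as_bytes()


def build_benign() -> bytes:
    """Constructed control message: the text says PDF and a real PDF header is attached."""
    msg = EmailMessage()
    msg["Subject"] = "Your receipt"
    msg.set_content("Your receipt is attached as a PDF.")
    msg.add_attachment(b"%PDF-1.4\n%constructed\n", maintype="application",
                       subtype="pdf", filename="receipt.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for label, raw in (("lookalike", build_lookalike()), ("benign", build_benign())):
        print(label, inspect_message(raw) or "no findings")
```

Running the file prints four findings for the lookalike (executable extension, double extension, PE magic bytes inside the archive, and the PDF-versus-ZIP mismatch between cover text and attachment) and none for the control. Two design points matter for a gateway: only the first bytes of each ZIP member are read, so a deliberately huge member is not fully decompressed, and encrypted members are reported rather than silently passed, which is the "embedded content" problem the post describes.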
 

jhu

Lifer
Oct 10, 1999
11,918
9
81
Originally posted by: RebateMonger
Originally posted by: Parasitic
Virus writers have become smarter.
I recall a couple of emails over the years that tempted me to open them, and turned out to be malware. So far, I've resisted temptation, but some have been pretty clever and I wouldn't call somebody an idiot if he/she opened them up.

The scary thing about some (including this one) is that they've included new varieties of malware that weren't caught by up-to-date AntiVirus programs. You had to wait a day before the AV makers caught up.

This latest one has the following traits:
An ALMOST-literate cover letter. There are a couple of slips, but it's not bad. At least all the words are spelled properly.
An appeal to greed. Everybody likes getting free stuff.
An attachment in .ZIP format, which gets by most email filters.
A claimed .PDF format for the attachment, which most people consider "safe".
A .ZIP format, which is tougher to scan because of the embedded nature of the actual content.

Is this new malware an actual PDF file that exploits a flaw in Adobe Reader? Or is it really a disguised executable?