“Dell online store” trojan emails

Websense Security Labs has received reports of a new email campaignÃ‚Â starting inÃ‚Â Australia that attempts to lure users to connecting to a malicious website.

The Australia CERT has reported emails that are spoofing the Dell online store. The emails claim that the user is being charged for a camera purchase and requests they connect to a site in order to view their profile. The site is encoding their code via Java Script.Ã‚Â

When decoded it includesÃ‚Â eight different IFRAMES, all which attempt to load exploit code and download and install new malicious code. The site itself appears to be going up and down sporadically.

Sample Email from the original advisory:

Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Subject: Your order #[number] has been accepted for the amount
Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â 865.00 AUD

Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â From:Ã‚Â Ã‚Â Ã‚Â Dell online Store

Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Thank you for shopping with us.
Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Your order #[number] Canon DF-E037 8.0 MP Digital Camera has been
Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â accepted for the amount 865.00 AUD.
Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Your card will be charged in that amount.
Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Thank you for your purchase.

Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â You can check the order in your profile.
Ã‚Â
HTTP://URL Removed

Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Thank you.
Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â DellÃ‚Â Online Store.
Although this appears to be a new deception technique the website has been used in malicious code attacks in the past and Websense customers are protected from connecting to it already.

“Dell online store” trojan emails

Featured news

Sponsored

Don't miss