Your order is awaiting verification! – Staples Virus

Sometimes spam, virus and Trojan Horse emails are so convincing that they manage to trick users even after spam filtering has clearly identified them for what they are.

The recent spate of bogus “Your order is awaiting verification!” emails claiming to be from Staples office supplies is a pretty good example.

Despite being clearly marked as viruses, we’ve seen many users attempt to resend these blocked messages to themselves, apparently believing that our blocking these messages represents a false-positive result on the part of our filtering, whereas the opposite is the case.

The emails typically arrive with spoofed headers such as:

Subject: Your order is awaiting verification!
From: “Staples Advantage Orders” <Order@staplesadvantage.com>

In truth, these are typically sent from personal computers that have been previously infected with this virus.

In an attempt to convince the recipient of the email’s legitimacy, the statements are vague as to particulars, but will usually include a statement to the effect of:

Your order has been submitted and is awaiting verification from you.

The email will then tell you the reason for the order delay:

This is potentially due to missing or invalid order or payment information. If you receive this status message, please call Customer Service immediately for assistance.

As an added touch, and to hopefully confuse both recipients and their spam filters, the email usually contains a valid SSL link to a Staples Advantage web site:

https://order.staplesadvantage.com/webapp/wcs/stores/servlet/

The email will then include a recent date and a randomized (and completely fake) order number for reference.

A typical example looks like this:

[Image: Staples Order Verification Trojan Horse]

All of this effort is for one purpose only, and that’s to get the recipient to open and run the attached virus embedded as a Trojan Horse.

The single email attachment is most commonly named something like:

  • Order_2321522.zip

The actual order number is again randomized, and inside the compressed ZIP file is the payload, “OrderDetails.exe”.

Should the reader execute this file, their system will become infected and compromised, at which point their personal computer will become part of the zombie spam-bot network and under the control of remote hackers.
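A filter-side check for the pattern described above, as an added example that is not part of the original post or OnlyMyEmail's own filtering code: it opens each ZIP attachment of a message and reports any executable member. The function names, the extension list and the sample message (whose ZIP member holds only inert placeholder text) are constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs directly (assumed list); the page's payload is "OrderDetails.exe".
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")
# Attachment naming pattern described on the page: Order_<random digits>.zip
ORDER_ZIP = re.compile(r"^Order_\d+\.zip$", re.IGNORECASE)

def scan_message(raw: bytes) -> list[str]:
    """Return one finding per executable member found inside a ZIP attachment."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        data = part.get_payload(decode=True) or b""
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                members = archive.namelist()
        except zipfile.BadZipFile:
            # A ZIP that cannot be inspected is itself worth flagging.
            findings.append(f"{name}: unreadable ZIP")
            continue
        for member in members:
            if member.lower().endswith(EXECUTABLE_EXT):
                tag = " (matches Order_<n>.zip lure name)" if ORDER_ZIP.match(name) else ""
                findings.append(f"{name}: executable member {member}{tag}")
    return findings

def build_sample(member_name: str) -> bytes:
    """Constructed test message; the ZIP member is inert placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, b"inert placeholder, not a program")
    msg = EmailMessage()
    msg["Subject"] = "Your order is awaiting verification!"
    msg["From"] = '"Staples Advantage Orders" <Order@staplesadvantage.com>'
    msg.set_content("Your order has been submitted and is awaiting verification from you.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Order_2321522.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample("OrderDetails.exe")))
```

The check keys on the archive contents rather than the spoofed From header or the legitimate Staples link, since those are the parts of the message designed to look genuine.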

 

- -

OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.

Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."

OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.
