View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 4, 2014

Malware botnet targets US Christmas shoppers

Emails spoofing order confirmations appear convincing, but only on first glance.

By Jimmy Nicholls

A malware botnet capable of spoofing the confirmation pages for ecommerce sites is targeting US shoppers in the run-up to Christmas, according to Malcovery Security.

ASProx spreads itself by telling victims that their order is ready to be picked up at a local store, including a link to a malicious website that drops malware onto the person’s system, or an email attachment used for the same end.

Gary Warner, CTO at Malcovery, said: "We were able to demonstrate that this spam message is the newest look and feel of the long-running ASProx botnet that has most famously spent the year delivering EZ-Pass Malware [targeting an electronic toll system] and Court Notice malware."

"We were also able to identify that the same ASProx botnet was currently spamming emails imitating [US retailers] Home Depot, Walmart, Costco, and Target."

While the emails appeared convincing, and included company branding, sender names and emails were not correlated to the relevant sites, meaning that an email imitating one company might be addressed from another.

The two methods of dropping malware (by link or by attachment) were also found to be linked to different command and control (C&C) infrastructure, which are used by hackers to issue malware with instructions and create a botnet.

Warner added that the malware was evolving, with newer version of the campaign targeting other US retailers like The Kroger Company and Walgreens.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.