This IS NOT 'your order'

If you get email with subject lines such as "Your Order No 129589 – Warner Music Inc." or "Your Order No 489889 – Cell Phone Inc." -- delete them.

It's a scam, warns Phil Hay of the M86 security lab.

In a blog post, he warns that the attached .pdf file is loaded with malicious code:

The attached .pdf contains a bunch of obfuscated JavaScript, which attempts to exploit the Adobe getIcon vulnerability (CVE-2009-0927). If successful, the following payload is downloaded:


The 1.php file is an executable downloader (VirusTotal Report). Another piece of malware is then downloaded and installed (VirusTotal Report), which is a spambot that proceeds to spam further copies of the .pdf file.

The blog post includes screen shots you'll want to beware of.

--Bill Brenner

Sign up today.

Get your morning news fix with the daily Salted Hash e-newsletter!

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Healthcare records for sale on Dark Web