‘Delay With Your Order’ Malware Email

Email purporting to be from a sales manager claims that there has been a delay with your order and that the ‘department’ is doing its best to resolve the problem. The email includes an attached .zip file that supposedly contains a copy of the delayed order.

Brief Analysis:
The email is not from any legitimate sales manager and the claim that an order has been delayed is just a trick to get you to open the attached file. The attachment contains a malicious JavaScript file that, if opened, can install malware on your computer.

Subject: Delay with Your Order #2AFE3ACB, Invoice #90519429

Dear Valued Customer,

It is very unpleasant to hear about the delay with your order #2AFE3ACB, but be sure that our department will do its best to resolve the problem. It usually takes around 7 business days to deliver a package of this size to your region.

The local post office should contact your as soon as they will receive the parcel. Be sure that your purchase will be delivered in time and we also guarantee that you will be satisfied with our services.

Thank you for your business with our company.

Lucile Hardy
Sales Manager

Detailed Analysis:
According to this email, which purports to be from a sales manager at an unidentified company, there has been a delay with your order and the department will do its best to resolve the problem. The email contains order and invoice numbers and includes an attached .zip file called ‘Order_Copy’.

But the email is not from any legitimate sales manager, and the attached file does not contain a copy of the supposed order as implied. In fact, there is no order. The attachment contains malware.

If you open the attached .zip file, you will find that it holds a JavaScript (.js) file inside. If you then click this .js file, malware may be installed on your Windows-based computer. Once installed, the malware may download further malware components, join your computer to a botnet, and perform other dastardly deeds using your computer.

The criminals who sent out this email hope that at least a few recipients will actually be expecting a parcel and will therefore open the malicious attachment without due forethought. And, even if recipients are not expecting a parcel, they may open the attachment out of curiosity or because they think that a mistake has been made that they may need to deal with. These types of simple social engineering tricks can be very effective.

If you receive this email, do not click any links or open any attachments that it contains.

Fake receipt or invoice emails are often used to distribute various types of malware.
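
A mail-filter style check for the pattern described above, as an added example that is not part of the original article: it lists the members of any zip attachment without extracting them and flags script files. The extensions beyond .js, the function names, and the sample message (built inline around a harmless placeholder file) are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions handled by Windows Script Host by default.
# The article only mentions .js; the others are an added generalization.
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf")


def script_members(zip_bytes):
    """Return names of script files inside a zip, without extracting them."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return []
    # Strip trailing dots/spaces, which Windows drops from file names
    return [n for n in names if n.lower().rstrip(". ").endswith(SCRIPT_EXTS)]


def flag_message(raw_email):
    """Return [(attachment_name, [script members])] for zip attachments."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        # Trust the content, not the declared name or MIME type
        if zipfile.is_zipfile(io.BytesIO(data)):
            hits = script_members(data)
            if hits:
                findings.append((part.get_filename(), hits))
    return findings


def build_sample(member_name):
    """Constructed test message: zip attachment holding one harmless file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "// harmless placeholder\n")
    msg = EmailMessage()
    msg["Subject"] = "Delay with Your Order #2AFE3ACB, Invoice #90519429"
    msg.set_content("Dear Valued Customer, ...")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Order_Copy.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(flag_message(build_sample("Order_Copy.js")))
```
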

Last updated: March 10, 2016
First published: March 10, 2016
By Brett M. Christensen