Another variant of the Bredolab trojan is filling email inboxes, this time claiming to be a shipment tracking number from Amazon.
The scan results at virustotal.com show only 40% of antivirus software is currently catching this virus, and it's missed by McAfee.
The email this one comes in has the subject line of:
Your order has been paid! Parcel NR.2655.
The email body contains the following text:
Goodafternoon!
Thank you for shopping at Amazon.com
We have successfully received your payment.
Your order has been shipped to your billing address.
You have ordered " Sony VAIO VGC-RT100Y "
You can find your tracking number in attached to the e-mail document.
Print the postal label to get your package.
We hope you enjoy your order!
Amazon.com
Note the missing space in the opening "Goodafternoon!" This kind of mistake is a good indication that the email is not legitimate.
I haven't yet analyzed the activity of this virus, but it appears from the scan results that it will install rogue antivirus software, which then pesters you to purchase with many false positives in a fake scan result.
When I've done my analysis, I'll add to this article with the results.