According to reports, the fake e-mails claim to contain a shipping update bearing an order number. It recommends the users to check the attachment and verify their details. However, the attachment is a malicious file meant to install a Trojan horse program on user's system if opened. Meanwhile, the security firm Sophos claimed that it is indentifying the attached malicious files as Mal/CryptBox-A and Troj/CryptBx-Zp.

It seems that in order to persuade users to open and use the malicious attachment, the e-mails contain an image of a known half-opened branded package of Amazon. According to Graham Cluley, senior technology consultant at Sophos, it is most likely the reason for embedding such an image so that the users blindly trust the sender, and without wasting time or giving a second thought, immediately open the attachment, as per the news published by HELP NET SECURITY on January 12, 2010.

Cluley also said that like always, be sure that the PC's security is updated and not to open unsolicited e-mail attachments, as per the news published by Info Security on January 12, 2010.

Experts noted that the most probable reason of targeting Amazon is its brand name and goodwill. This is because users easily trust and get trapped when it comes to websites of well-established, popular and reliable brands, like Amazon in this case.

Cluley commented that any e-mail can claim to be coming from a renowned brand like Amazon, however, it might simply be a ploy created by malware purveyors.

To distribute malware, Amazon has been targeted earlier as well. Sophos unearthed a spam campaign targeted at Amazon.com's EC2 (Amazon Elastic Compute Cloud) in July 2008. In this campaign, users were duped via e-mails stating that they required an "Important Windows Update". Being traditionally one of the oldest and best-known tricks, it redirects user to a malware distributing website.