Newegg email Spoof


Big Geek Daddy
10-11-2006, 01:30 AM
FYI - If you do business with Newegg.com please be leery of any emails you receive from them as it could very well contain a Trojan like the email I got today. Obviously, it wasn't from Newegg but it is very clever because many people will immediately open the attachment to see the order details as they're panicking that someone placed an order in their account.

I realize most people on these Forums are running good security and probably wouldn't be foolish enough to open an attachment that shows the details of a $2400 TV you ordered (assuming it made it past their AV, which it didn't - Thanks AVG Free!!!), but others might so please help to make them aware.

Here's the email:

----- Original Message -----
From: <info@newegg.com>
To: Big Geek Daddy
Sent: Tuesday, October 10, 2006 11:13 AM
Subject: Order ID : 37679041


Dear Customer,

Thank you for ordering from our internet shop. If you paid with a
credit card, the charge on your statement will be from name of our shop.

This email is to confirm the receipt of your order. Please do not reply
as this email was sent from our automated confirmation system.

Date : 08 Oct 2006 - 12:40
Order ID : 37679041

Payment by Credit card

Product : Quantity : Price
WJM-PSP - Sony VAIO SZ370 C2D T7200 : 1 : 2,449.99

Subtotal : 2,449.99
Shipping : 32.88
TOTAL : 2,482.87

Your Order Summary located in the attachment file ( self-extracting
archive with "37679041.pdf" file ).

PDF (Portable Document Format) files are created by Adobe Acrobat
software and can be viewed with Adobe Acrobat Reader.
If you do not already have this viewer configured on a local drive, you
may download it for free from Adobe's Web site.

We will ship your order from the warehouse nearest to you that has your
items in stock (NY, TN, UT & CA). We strive to ship all orders the same
day, but please allow 24hrs for processing.

You will receive another email with tracking information soon.
We hope you enjoy your order! Thank you for shopping with us!

--------------------------------------------------------------------------------
Viruses found in the attached files.
The file 37679041.zip: Trojan horse BackDoor.Generic3.QPH. The attachment
was moved to the virus vault.

Checked by AVG Free Edition.
Version: 7.1.408 / Virus Database: 268.13.2/471 - Release Date:
10/10/2006

Koroush Ghazi
10-11-2006, 01:45 AM
Thanks for the heads-up and good advice. As always, the best method is never to open an attachment which you didn't expect, but this Newegg scam would indeed fool people who are current or former Newegg customers. These scams are becoming ever-more sophisticated.

I save any attachment, executable download, .zip file etc. to an empty folder and first run a quick area-specific scan (i.e. tell my AVG and A-Squared scanners to only scan that folder) on the folder before opening anything. Takes less than 30 seconds usually.
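
Added example (not part of any post in this thread): a Python sketch of the kind of pre-open check described above, listing what a ZIP attachment really contains without extracting or running anything. The member names and bytes in `build_sample` are constructed, inert placeholders; the thread does not show the real attachment's contents.

```python
import io
import zipfile

# Extensions Windows runs directly (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
MAGIC = {b"MZ": "windows-executable", b"%PDF": "pdf", b"PK\x03\x04": "zip"}


def sniff(head: bytes) -> str:
    """Identify the real file type from its leading bytes, ignoring the name."""
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return "unknown"


def triage_zip(data: bytes) -> list:
    """Describe each member of a ZIP attachment without writing it to disk."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
            if info.flag_bits & 0x1:
                kind = "encrypted"  # content cannot be inspected without the password
            else:
                with zf.open(info) as fh:
                    kind = sniff(fh.read(8))
            reasons = []
            if ext in EXECUTABLE_EXTS:
                reasons.append("executable extension")
                if ".pdf" in name[: -len(ext)]:
                    reasons.append("document name with executable extension")
            if kind == "windows-executable":
                reasons.append("MZ header")
            if ext == ".pdf" and kind != "pdf":
                reasons.append("named .pdf but content is not PDF")
            findings.append({"name": info.filename, "type": kind, "reasons": reasons})
    return findings


def build_sample() -> bytes:
    """Constructed sample: inert placeholder bytes, not the attachment from the thread."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("37679041.pdf.exe", b"MZ" + b"\x00" * 62)  # hypothetical member name
        zf.writestr("readme.pdf", b"%PDF-1.4\n%%EOF\n")
    return buf.getvalue()
```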

Graywolf78
10-13-2006, 11:42 AM
Thanks for posting this.

I just got one from walmart.com with the exact same message. Same Order #, same Product ordered. I always like to research things that don't make sense before going for the obvious solution (clicking on the PDF file).

Yours is the first I found, thanks again for the alert! Saved me some searching so I can get some much needed sleep.

Big Geek Daddy
10-13-2006, 12:37 PM
It appears that it's pretty much every major retail electronics store at this point that is being spoofed and is a very nasty piece of Malware called Haxdoor:

Malware being spammed as PDF from retail stores (http://blogs.zdnet.com/Spyware/?p=854)

Koroush Ghazi
10-13-2006, 03:15 PM
Yep, I got a walmart one as well just now. Of course it's fairly funny for Australians as we don't use Newegg or Walmart, so it's clearly spam, but still a disturbing trend.

Graywolf78
10-13-2006, 06:27 PM
Yeah, I don't even shop at walmart.com. We shop more at newegg, so not sure if it was just a completely random thing.

Kinda scary if it's moving so fast. I wonder how many people will be duped by it.

I got burned by a similar email from paypal a year ago, not gonna make that same mistake twice.

Big Geek Daddy
10-13-2006, 09:11 PM
Ok this is getting worse. I have now received the same email spoofing Newegg with another Zipped file. It's worse because AVG didn't detect it as a Virus upon arriving in my email. I then scanned it with both AVG Free and AVG Anti-Spyware and neither of them detected it either.

I know experienced users won't fall for this but there's a ton of novices that might. Please let your friends and family know not to open any files that arrive from online vendors...they never correspond that way.

I just manually updated my AVG free and rescanned the zip file. It detected it as a virus so AVG is apparently on top of this as I had already updated within the last 24 hours.

Koroush Ghazi
10-14-2006, 03:59 AM
The bottom line is that vigilance and having some PC knowledge are the only true defences against malware. That's why I stubbornly stick to my personal philosophy of getting people to steer away from relying purely on a range of utilities to automatically optimize and maintain their PC. Now more than ever it's important to understand how your PC works and how to maintain it.

None of these scams can work if people pay attention to them and follow some basic guidelines. For example after configuring Outlook Express as per the TGTC, the only way you can get malware through these scam emails is if you actively save and execute an attachment, or click on a link or image in these emails. So even if you're curious and open up one of these emails to check what it's about, there's no problem. If you're a Newegg/Walmart/whatever customer, you can then manually check your online account to see if an order has been made, just to confirm things.

Furthermore the average person needs to start taking an interest in what's running on their PC at any time - not just to remove resource-hogging or conflict-inducing background programs, but to start noticing odd programs, startup items and processes which do not seem right. Further investigation using Google and some of the process list links in the TGTC almost always clarifies whether you're running legit programs or potential malware.

The average user is indeed going to have a tough time, but there just isn't a simple fix to this. Short of enabling UAC in Vista and loading it up with anti-malware programs (and hence making it an absolute bear to use), the simplest solution is education and knowledge. PC users need to be encouraged to realise PCs are not a mystical black box.