***WARNING FAKE BUY.COM ORDER CONTAINS LINK TO TROJAN***

Today i reveiwed a thank you confirmation from BUY.COM supposedly. Upon examination the name resolved to an address otherwise and it had a link to confirm my order. I clicked it knowing that Avast had my back and it had PWS:Win32/Daurso.a and TrojanDownloader:Win32/Bredolab.AA in it. Windiws defender caught them both as well. Here is the text version of the e-mail:

http://jundo.com/index8.html
Track Your Order http://jundo.com/index8.html | My Account http://jundo.com/index8.html | Wishlist http://jundo.com/index8.html | Help http://jundo.com/index8.html

Thanks for your order myname@my host name.com,

Want to manage your order online?

If you want to check the status of your order or make changes, please visit our homepage at Buy.com http://jundo.com/index8.html and click on the My Account link at the top of any page.

Your Order Number is: 88825603 http://jundo.com/index8.html
Order Review
Purchase made: Fri, 25 Jun 2010 10:46:56 -0500
If your order requires multiple shipments, we will send you an email as soon as each of the items ship.

SKU DESCRIPTION QTY ESTIMATED SHIP DATE SHIPPING METHOD UNIT PRICE ITEM TOTAL
286996020 ASUS N71JQ-A1 17.3" Notebook, Intel Quad Core i7-720QM (1.60GHz), 4GB DDR3, 640GB, Blu-ray Combo, ATI Radeon 5470 1GB Graphics, Webcam, Windows 7 Home Premium
Format: Notebooks 1 In Stock: Usually ships within 1 business day Second Day Shipping (2 business days) $1,326.99 $1,326.99
SubTotal: $1,326.99
Shipping & Handling: $50.00
Tax: $0.00
TOTAL: $1,376.99
We pride ourselves on delivering the best possible shopping experience to you and all of our customers. That means that from the moment you enter Buy.com to the moment your order is delivered to your door - we are dedicated to your satisfaction.
Thank You!

Once again, thank you for placing your order with Buy.com. We value your business and pledge to continue to offer top brands, superstore selection, low prices, and outstanding service. Anything. Anytime. Anywhere.
We appreciate your business,
http://ak.buy.com/buy_assets/v6/email/Neel_SIG.gif
Neel Grover
CEO and President

Hi anim8tar,

Thanks for the heads-up. This is a suspicious site: hxtp://jundo.com/index8.html, see:
http://www.mywot.com/en/scorecard/jundo.com
and it is on this blocklist: jundo.com is on SURBL lists: AB
finjan has blocked the page, because of the detection of Mal/Iframe-Q infection
Here it is also listed: http://support.clean-mx.de/clean-mx/viruses?id=611198

polonus

We pride ourselves on delivering the best possible shopping experience to you and all of our customers. That means that from the moment you enter Buy.com to the moment your order is delivered to your door - we are dedicated to your satisfaction.
That statement is probably true if it came from buy.com. In your case, it came from juno.com obviously not the same place and one of the first things to notice and start warning bells ringing. ;D

Sorry but warnings of this kind I feel are pointless.

This is just a variation on a common theme trying to trick the recipient, if its not buy.com its UPS or some such common scam. People are either going to be smart enough to leave well alone having ordered nothing or will be stupid enough to click on the link to see what it is all about and any amount of warnings won’t change that.

Personally you were crazy to click on it, regardless of having avast installed, what if it were a piece of malware that wasn’t detected by avast or windows defender, you got lucky.