Sophos researchers are warning of a widespread attack that leverages fake Amazon.co.uk e-mails to trick users into opening malicious attachments.

The e-mails, which are convincingly disguised as order confirmations, use the subject line "Your Order with Amazon.co.uk."

All links in the e-mail go to the legitimate Amazon UK Web site, but an attachment named "Your Order Details with Amazon.zip" contains a Trojan identified as Mal/BredoZp-B.

"It's understandable that some computer users would be fooled into opening the attachment, as they might be wondering what on earth they have ordered from Amazon. ... Although there has been increased talk recently of drive-by-downloads and compromised websites being used to deliver malware onto the computers of unsuspecting computer users, it's worth remembering that email-based malware is far from dead," writes Sophos' Graham Cluley.