Spam with Subject ‘Worldpay CARD Transaction’ Entering Users’ Inboxes

Graham Cluley, Senior Technology Consultant at Sophos, has found a new spam mail presently circulating on the Internet and targeting e-mail accounts of numerous end-users, as reported by Sophos on June 17, 2009.

Understandably, the e-mail's caption says "Worldpay CARD transaction Confirmation," while the message body informs the recipient that since he has ordered for a deal with Amazon, a file named Worldpay_NR9712.zip is attached which shows his payment's record.

The message also states that the attached file does not relate to a tax payment and Amazon Inc., which has obtained the order, will duly notify the recipient regarding the order's delivery once its processing is finished. The e-mail then signs off representing "Amazon Team."

The spam message uses some tactics to lend it a touch of authenticity. Accordingly, some extra lines are inserted below the main text. These state that the confirmation in the e-mail merely suggests that the recipient's transaction has gone through successful processing and not that Amazon has accepted his order. The responsibility of confirming the order's acceptance rests with Amazon Inc., which is also responsible for delivering the ordered services and goods to the recipient, the lines indicate.

However, the security researchers stated, the e-mail is not legitimate and there can be no 'receipt' that compels a recipient to click on an attachment and thereby downloads a file for viewing. Thus, it is here that e-mail recipients could distinguish a genuine message from a malicious spam mail.

Besides, Sophos has found that a malevolent Trojan is downloaded through the spam - Mal/WaledPak-A. The security company states that this Trojan is capable of going online as well as interacting with a remotely located server through 'hypertext transfer protocol' (HTTP) along with transmitting itself out with the help of built-in 'Simple Mail Transfer Protocol' (SMTP).

Commenting on the point, Cluley stated most modern hackers are targeting unwitting PC users through websites; however, the latest instance indicates that malicious programs disseminated through e-mail attachments still remains.

Finally, Cluley says that spammers have exploited this trick several times before, and even now it continues to thrive successfully.

Related article: Spam Scam Bags a Scottish Connection

» SPAMfighter News - 6/25/2009