‘Payment Request’ E-mails Drops Trojan

Security researchers have issued an alert that a new campaign for malware distribution is doing the rounds. It is luring users by showing incorrect billing. Posing as payment request notices, the spam mails pass a PC Trojan as a means to block the systems, as reported by SoftPedia on November 19, 2009.

Graham Cluley, Senior Technology Consultant at Sophos, warns via his blog post that the e-mails pose as messages sent from an Internet banking agency's 'Customer Support' section. These e-mails talk about various organizations' payment requests, as reported by Sophos on November 17, 2009.

Moreover, perpetrators of the scam try to take advantage of people's anxiety regarding illegal charges debited to their accounts.

With the caption of the fraudulent spam mails as "Payment request from [company name]," the text states that the "company's" payment request has been recorded and a charge amounting to $66.10 could be debited to the e-mail recipient's account. While this amount could vary from one e-mail to another, the company names that are abused include Microsoft, Sun Microsystems, EBay, Starbucks, Fox Film Corporation or Cartoon Network Studios.

According to the e-mail, the payment apparently awaits clearance and if the recipient has cleared the transaction or approved the payment, then he may ignore or delete the message. If the user hasn't cleared the payment or wishes to be excused of it, then he needs to download and run an attached file, which contains a transaction inspecting software, the e-mail states.

However, Sophos has found that the attached file contains malware - Mal/EncPk-LP. Evidently, the hackers responsible for the attack are purposely utilizing different kinds of company names along with various payment sums so that an alert about the threat could not spread. Thus, security analysts remind people of always treating unsolicited attachments with suspicion.

Researchers at Trend Micro, another security company, likewise reported of receiving spam mails that pretended to be from different firms like Colgate-Palmolive, J.P. Morgan Chase and Co., and EBay amongst others, using the caption, "Payment requests from," while notifying recipients of a so-called request for payment.

Related article: “Loopholes did not cause online banking thefts”: ICBC

» SPAMfighter News - 12/1/2009