Spam Mails Claiming as Payment Request Notices Divert onto Malware

A warning has been issued to Internet-users during the 3rd week of July 2010 that a new scam is distributing malware and spam while pretending to be a payment request from the auction site eBay, harming computers as well as mobile devices.

State researchers at Sophos the security software firm, the trick involves dispatching an uninvited electronic mail having the caption "Payment request from" and a fake return e-mail ID eBay@reply1.ebay.com.

Said senior technology consultant Graham Cluley at Sophos, all the e-mails had an empty message body, although they displayed a file attachment named "form.html." ESecurity Planet published this on July 13, 2010.

Cluley further said that the e-mails had a treacherous social engineering ploy. Many people surprised at the request made would feel curious to know the whole story behind it so they might view the attachment, he added.

But once viewed, the attached file, which the security firm identified as Troj/JSRedir-BV, diverts users onto a just hijacked legitimate website that carries a malware called Mal/Iframe-Q.

Interestingly, this attack has dual parts. First it tricks users to visit an ordinary Canadian Pharmacy spam website, while creating an illusion that nothing really harmful occurred.

Nonetheless, an invisible Iframe of malicious nature connects to an intermediary website and installs a malevolent code. This code quietly downloads and runs malicious software on the PCs visiting the pharmacy site.

Incidentally, these assaults are called drive-by downloads and in the current one, a variant of Zeus/ZBot is pushed. Zeus is a kind of PC Trojan, which typically captures Internet banking credentials as well as other financial data.

Meanwhile, although the current fraudulent eBay campaign is wholly novel, it isn't the sole scam that's based on a brand while using a socially-engineered malicious program. States Cluley, Sophos has witnessed some other recent e-mail campaigns having malicious HTML attachments that were based on Facebook porn, Facebook password modifications, Adult Friend Finder, Skype payment problems, and Skype purchases and romantic interest.

Ultimately, the security specialists recommend businesses and consumers that they must have the latest version of anti-spam filters on their computers, and also forgo clicking uninvited attachments and e-mails.

Related article: Spam Scam Bags a Scottish Connection

» SPAMfighter News - 7/24/2010