MX Labs Reveals Fake Email Notifications: Bill Me Later
A recent threat making the rounds in cyberspace uses debt-payment notices purporting to come from the Bill Me Later service (a part of PayPal, acquired by eBay in 2008), according to an investigation by the renowned security firm MX Labs.
The emails are threatening letters with alarming subject lines and content, written to intimidate and warn the recipients. The subject line tells people to pay their debt to Bill Me Later urgently. If they fail or neglect to do so, the letter says, the sender will turn to the court for bill collection, which will mean additional expenses for the recipient.
The expenses are itemized as safe duty, the expense of a representative's services, compensatory interest for the use or detention of money for each day of delay, and an execution fee. On the basis of all these expenses, the recipient is charged $349.00.
At the bottom of the notification is a button labeled "Print the invoice" that leads to a website designed to serve an archive file, INVOICE_FORM.zip, which actually conceals a malicious payload.
Experts at the security firm explain that the URL attached for making the payment itself leads to the malicious payload. The zipped file INVOICE_FORM.zip will be downloaded, containing a compressed file, INVOICE_FORM.exe, the experts explained.
Though the official-looking notification appears to originate from the legitimate eBay site, with all the appropriate logos in just the right places, a close look is sure to reveal that the site is not legitimate.
The Trojan involved in this incident is known as Suspect.Trojan.Generic.FD-4, Trojan.Win32.Tobfy!IK, Trojan.Win32.Tobfy or HEUR:Trojan.Win32.Generic.
However, according to MX Labs researchers, only 6 out of 42 anti-virus engines could identify the Trojan at VirusTotal.
Reflecting on the whole incident, experts commented that such incidents have surged because of leading malware campaigns of this kind on the net.
To avoid falling victim to such malicious spam, be very cautious about opening attachments that may be malicious. Always keep the computer's antivirus software upgraded, make sure to have the latest security patches, and advise friends and relatives to do the same.
» SPAMfighter News - 22-09-2012