Infesting you with Virus News
 

News

Contributed by: Aurelija
Date: April 27, 2009

“WorldPay CARD transaction Confirmation” : Emails Bombarding Inboxes with Malware?!

 

Received an email with the subject line "WorldPay CARD transaction Confirmation"? Don't believe everything it says and, more importantly, don't open any attachments, which are most probably provided in a ZIP archive. This is a new spam campaign aiming to spread malware whose characteristics resemble the well-known Zbot banking Trojan.

The From address doesn't actually belong to WorldPay; it is probably randomly spoofed. The message itself informs the recipient that his/her transaction has been processed and that the invoice is attached. Here's how the whole message reads:

Your transaction has been processed by WorldPay, on behalf of Amazon Inc.
The invoice file is attached to this message.
This is not a tax receipt.
We processed your payment.
Amazon Inc has received your order,
and will inform you about delivery.
Sincerely,
Amazon Team

This confirmation only indicates that your transaction has been processed successfully.
It does not indicate that your order has been accepted.
It is the responsibility of Amazon Inc to confirm that
your order has been accepted, and to deliver any goods or services you have ordered.

Table 1.  Text of the spam email

As I've already mentioned, there's a ZIP file attached to the email. It is designed to look like a .doc file; however, it is actually an executable file that drops a Trojan onto the recipient's system.

One of the possible names of the attached file is WorldPay_TRANS_8651.exe, with the MD5 d4131d5a287bce49ddb3a4f9db7e7dc1 and a file size of 66560 bytes. Of course, as is the case with the majority of other malware, the file's name, size and MD5 may vary.
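Because the name, size and MD5 of the attachment change from sample to sample, a mail filter gets further by inspecting what the ZIP actually contains. The Python code below is an added example, not part of the original article: it flags ZIP attachments holding a Windows executable, judged by the `MZ` magic bytes or the extension. The function names, the extension list and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows executes directly (an assumed list for this example).
EXEC_EXTS = (".exe", ".scr", ".pif", ".com")

def executable_members(zip_bytes):
    """Names of ZIP members that are Windows executables, judged by the
    'MZ' magic bytes or the extension, never by a hash or an exact name."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            try:
                with zf.open(info) as fh:
                    magic = fh.read(2)
            except (RuntimeError, NotImplementedError):  # encrypted/unsupported
                magic = b""
            if magic == b"MZ" or info.filename.lower().endswith(EXEC_EXTS):
                hits.append(info.filename)
    return hits

def scan_message(raw_bytes):
    """Map each ZIP attachment's file name to the executables inside it."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        # Trust the content, not the declared MIME type or file name.
        if zipfile.is_zipfile(io.BytesIO(data)):
            hits = executable_members(data)
            if hits:
                findings[part.get_filename()] = hits
    return findings

def build_sample():
    """Constructed test message: a ZIP whose member has a .doc name but starts
    with 'MZ' (harmless filler bytes, not a real program), plus a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_sample.doc", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"plain text")
    msg = EmailMessage()
    msg["Subject"] = "WorldPay CARD transaction Confirmation"
    msg.set_content("The invoice file is attached to this message.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` reports the `.doc`-named member because its content begins with `MZ`, while the plain text file is ignored.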

The threat delivered in these emails has the characteristics of a ZBot banking Trojan, which can disable firewalls, steal both personal and financial information, download additional malware and give a hacker remote access to the compromised system.

Below are the alias names of the Trojan dropped by the WorldPay_TRANS_8651.exe executable file.

Alias Names of the Trojan
Trojan-Spy.Win32.Zbot!IK
Win-Trojan/Zbot.66560.S
TR/Spy.ZBot.66560
W32/Trojan3.AMK
PSW.Generic5.AODJ
Trojan.Spy.Zeus.W
(Suspicious) - DNAScan
Win32/Kollah.AGG
W32/Trojan3.AMK
Trojan-Spy:W32/Zbot.OSK
W32/Zbot.M!tr.pws
Trojan.Spy.Zeus.W
Trojan-Spy.Win32.Zbot
Trojan-Spy.Win32.Zbot.sot
Generic!Artemis
Trojan.Spy.ZBot.66560
PWS:Win32/Zbot.M
Win32/Spy.Zbot.PF
W32/Sinowal.WER.worm
High Risk Worm
Mal/EncPk-HZ
Trojan-Spy.Win32.Zbot.gen
Infostealer

Table 2.  Alias names of the Trojan

Once more, everybody is warned to treat with suspicion any unsolicited emails and any links that recipients are prompted to follow. The best solution in this situation is to delete any similar-looking emails without reading them. If you think the received email is not part of a spam campaign, you must be 100% sure of its legitimacy before clicking on any of the provided links or attached files. Of course, you should also not forget to keep anti-spam filters and anti-virus software up to date.

User Comments

stefan June 22, 2009
very good ;)