Contributed by: Aurelija
Date: June 18, 2009

Sneaky Worldpay CARD transaction Confirmations Spreading the Infectious Mal/WaledPak-A!

 

Go to your email account and check your inbox. Do you see anything in it with the subject line "Worldpay CARD transaction Confirmation"? If not, you're one of the lucky ones. If the answer is yes, be extremely cautious when dealing with it. Don't believe everything this email says and, more importantly, don't open any attachments, which are most probably provided in an archived ZIP file. Two months ago I warned you against a new Worldpay spam campaign spreading the Zbot banking Trojan. Today I'm telling you to watch out for a new round of Worldpay spam, infecting your system with Mal/WaledPak-A.

The From address doesn't actually belong to WorldPay; it is probably randomly spoofed. The message itself informs the recipient that his/her transaction has been processed and that the invoice is attached. Here's how the whole message reads:

Subject: Worldpay CARD transaction Confirmation

Thank you!

Your transaction has been processed by WorldPay, on behalf of Amazon Inc.

The invoice file is attached to this message.
This is not a tax receipt.
We processed your payment.
Amazon Inc has received your order,and will inform you about delivery.

Sincerely,
Amazon Team

This confirmation only indicates that your transaction has been processed
successfully.
It does not indicate that your order has been accepted.
It is the responsibility of Amazon Inc to confirm that your order has been accepted, and to deliver any goods or services you have ordered.

Attachments:
• Worldpay_NR9712.zip (23.63KB)

Table 1.  Text of the spam email

As I've already mentioned, there's a compressed Worldpay_NR9712.zip file attached to the email. It is likely that both the name of the file and its size may vary. According to the cyber criminals this is a .doc file. However, don't believe that and don't open this attachment. It is actually an executable file that will infect your system with malware.
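The mismatch described above (an archive member presented as a document that is really a Windows executable) can be checked at a mail gateway or during triage without opening the file. The following Python sketch is an added example, not code from the original article: it reads only the first two bytes of each ZIP member and flags the `MZ` executable header. The member names, the extension list and the sample message are constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}  # assumed blocklist

def flag_zip_members(zip_bytes):
    """Return (member, reason) for ZIP entries that are, or hide, executables."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            with zf.open(info) as fh:
                magic = fh.read(2)  # read the header only, never the full member
            ext = os.path.splitext(info.filename.lower())[1]
            if magic == b"MZ" and ext not in EXEC_EXTS:
                findings.append((info.filename, "PE header behind a non-executable name"))
            elif magic == b"MZ" or ext in EXEC_EXTS:
                findings.append((info.filename, "executable inside archive"))
    return findings

def scan_message(raw):
    """Inspect every .zip attachment of a raw RFC 5322 message."""
    results = {}
    for part in message_from_bytes(raw).walk():
        fname = part.get_filename() or ""
        if fname.lower().endswith(".zip"):
            try:
                results[fname] = flag_zip_members(part.get_payload(decode=True))
            except (zipfile.BadZipFile, RuntimeError):  # malformed or encrypted
                results[fname] = [(fname, "archive could not be inspected")]
    return results

def build_sample():
    """Constructed message: harmless 64-byte 'MZ' stubs, no real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Worldpay_NR9712.doc.exe", b"MZ" + b"\x00" * 62)  # constructed name
        zf.writestr("invoice.doc", b"MZ" + b"\x00" * 62)  # executable named as a document
        zf.writestr("readme.txt", b"plain text")  # benign control entry
    msg = EmailMessage()
    msg["Subject"] = "Worldpay CARD transaction Confirmation"
    msg.set_content("The invoice file is attached to this message.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Worldpay_NR9712.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

An archive that cannot be inspected (malformed or password-protected) is reported rather than silently passed, since it defeats the header check.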

Mal/WaledPak-A is a worm created by cyber criminals for the Windows platform. This malware includes functionality to access the internet and communicate with a remote server via HTTP. It can also send itself out using a built-in SMTP client. Below you will find several possible alias names of Mal/WaledPak-A:

Alias names
Email-Worm.Win32.Iksmas.all
W32/Waledac.gen.j
TR/Crypt.ZPACK.Gen
Trojan:Win32/Waledac.gen!A
W32/waledac.gen.j
TR/Crypt.ZPACK.Gen

Table 2.  Alias names

Once more, everybody is warned to look with suspicion at any unsolicited emails containing instructions that recipients are urged to follow. The best solution in this situation would be to delete any similar-looking emails without reading them. If you have really ordered something from Amazon, paid via Worldpay and received an email from either of these companies, you should use your common sense and be 100% sure of its legitimacy before clicking on any of the provided links or attached files. Of course, you should also not forget to keep anti-spam filters and anti-virus software up to date.
