We have received reports of a new attack to Worldpay. An attachment with the filename of ID0220712 is currently being spammed with the email body indicating that the sender is from Worldpay support named Dave, and writes that a chargeback has been made regarding a payment order with “ID 0220712, Receipt Date 09/07/2006″. Payment details are included in the attachment which is sad to say, an malicious EXE file. Trend Micro detects this file as TROJ_DLOADER.DEU. We are currently in the process of publishing our report regarding this malware and we will update you once it has been published. We have attached a sample email for our dear readers so that you can be forewarned if ever you encounter it.

Update (Obet, Wed, 12 Jul 2006 08:01:16 AM)

The report for TROJ_DLOADER.DEU has been published, you can view it here.It is being detected as of Control Pattern Release 3.562.06.

Update (Obet, Wed, 12 Jul 2006 08:31:52 PM)

TROJ_DLOADER.DEU connects to the internet to download the file SUHOY336.EXE, this file is being detected by Trend Micro as TROJ_BANKER.EYC. The downloaded file is saved to the Windows folder.