TrendLabs researchers received spammed messages purporting to have come from various companies such as eBay, J.P. Morgan Chase and Co., and Colgate-Palmolive, among others. The email bore the subject, “Payment request from,” and informs users about a certain recorded payment request.

The spammed message even gave users two options—to either ignore the email if the payment request has been made or to download the attached .ZIP file and install the inspector module to decline the said payment request. If the user does not make any transaction, he/she still needs to download the attachment just to cancel the payment request. The attached .ZIP file is, of course, not an inspector module but an .EXE file (module.exe) detected by Trend Micro as TROJ_AGENTT.WTRA.

Users are advised to be wary before opening any attached files even if they come from known sources. It is also best to verify emails you receive from any company first just to be sure it is legitimate. Trend Micro secures users from this attack via the Trend Micro Smart Protection Network™, which detects and blocks the spammed emails and prevents the download of the malicious file.