    After spam runs related to UPS, FedEx, and Western Union, another form of invoice spam strikes again!

    We caught a new invoice spam run that is purportedly from WorldPay, a division of the Royal Bank of Scotland that specializes in handling secure online payments from all over the world.

    The spammed email message informs users that their transaction with Amazon Inc. has been successfully processed by WorldPay.

    The email contains a .ZIP file, which holds a malicious file named WorldPay_NR9712.exe. This file is detected by Trend Micro as TSPY_ZBOT.BEO through the Smart Protection Network.

    TSPY_ZBOT.BEO downloads a configuration file from a remote site. This file contains a list of bank-related Web sites, which the spyware watches for in the browser's address bar.

    The URLs listed in the downloaded configuration file may change at any time. As of this writing, the file contains links to the legitimate sites of Bank of America.

    When a user accesses any of the listed URLs, the spyware logs keystrokes to capture data entered in login boxes, including sensitive banking information such as user names and passwords. The gathered information is saved in a file, which is then sent to a remote site through HTTP POST.
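The delivery method described above, a .ZIP attachment holding an .exe, can be checked at the mail gateway. The following is an added example, not code from Trend Micro or the original post: a Python filter that inspects ZIP attachments by content and reports executable members. The extension list, the sender address, and the attachment name `invoice.zip` are assumptions constructed for the example; only the member name WorldPay_NR9712.exe comes from the post.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions treated as directly executable on Windows (example policy, an assumption).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}


def executables_in_zip_attachments(raw_email):
    """Return (attachment_name, member_name) for each executable inside a ZIP attachment."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        attachment = part.get_filename() or "<unnamed>"
        # Decide by content, not by the declared file name or MIME type.
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            # Corrupt archive: report it so the message can be quarantined.
            hits.append((attachment, "<unreadable archive>"))
            continue
        for name in names:
            if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTS:
                hits.append((attachment, name))
    return hits


def build_sample(member_name, attachment_name="invoice.zip"):
    """Constructed test message: a ZIP attachment holding placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder bytes, not a program")
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["Subject"] = "Transaction processed"
    msg.set_content("Your invoice is attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(executables_in_zip_attachments(build_sample("WorldPay_NR9712.exe")))
```

A message that returns a non-empty list can be quarantined before it reaches the user's inbox.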

    Here are previous reports of invoice spam:



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice