
‘Rechnung’ Spam Receipts Being Sent (Again)

  • Posted on: July 26, 2008 at 5:19 pm
  • Posted in: Malware, Spam
  • Author: Jovi Umawing (Technical Communications)

Senior Anti-Malware Security Specialist Rainer Link has reported receiving a peculiar email notification that masquerades as being sent by PayPal.

Below is a screenshot of a sample spam email:

[Screenshot of the sample spam email]

Alice Decker, Trend Micro Advanced Threats Researcher, has translated the German text:

Good Morning,
Your order Nr. SP1239192 is now executed.
An amount of 6336.09 EURO was debited directly and it will be shown in your Paypal debit entry. You may find attached the details of the invoice.

PayPal (Europe)
S.447; r.l. & Cie, S.C.A.
01-81 Boulevard Royal
L-0342 Luxembourg

Greetings,
CEO: Mia Mayes
Trade register number: R.C.S. Luxembourg B 212 106

Trend Micro detects the attached ZIP file, which masks itself as a file detailing the invoice of the said transaction, as WORM_OTORUN.C. This worm propagates by dropping copies of itself into removable drives and connecting to certain Web sites to download possibly malicious files.

What is remarkable about this attack, said Decker, is that a worm is sent via email (which hasn’t been the norm). It can also be said that the attack is becoming more diverse: past schemes involved emailing downloaders that dropped browser hijacker Trojans (TROJ_BZUB variants), more recently we have been getting downloaders of hijackers with rootkit capabilities (like the WNSPOEM malware), and now worms.

Additionally, the email message body suggests that a new criminal organization outside Europe triggered this attack, added Decker.

Rechnung spam runs have been hitting users since 2006, and have been observed making a comeback during the second half of 2007.

Other such attacks in the past:
• Another Yabe Wave
• IKEA “Rechnung” malware shops for new targets
• New WORM_NUWAR.CQ variant, new faked 1&1 bills, new faked “KD Webshop Bestellung”
• Yet Another “Bill” from Ebay

Tags: paypal, receipts, rechnung, Spam
