Search This Blog

Trojan present in emails “Notification of payment received” regarding a payment on Paypal





MX Lab, started to intercept a new trojan distribution campaign by email with the subject “Notification of payment received” and it informs the reader of a payment on Paypal.

The email is send from the spoofed address “service1@paypal.com” and has the following body:

You’ve Got Cash!

Hello,

This email confirms that you have received a payment

Receipt ID: 6582-5633-4547-8480

The number above is the buyer’s receipt ID for this transaction. Please retain it for your records so that you will be able to reference this transaction for customer service.

Payment details
Total amount: $538.00 USD
Currency: U.S. Dollars
Transaction ID: YWF75893702065128
Quantity: 1
Buyer: See attached file for full details

Have you lifted your withdrawal and receiving limits? Just log in to your PayPal account and click View Limits on the Account Overview page.
Sincerely,
PayPal

PayPal Email ID YC220

The attached ZIP file has the name Notification_payment_9850-9767-5140-2469.zip and contains the 72 kB large file Notification_payment_08_15_2012.exe.

At the time of writing, none of the 41 AV engines did detect the trojan at Virus Total so it is impossible to name this trojan.
Share it:

Spam Report