検索:
ホーム   »     »   Paycheck 322082

Paycheck 322082

  • 投稿日:2006年8月23日
  • 脅威カテゴリ:未分類
  • 執筆:ウイルス解析担当者
0

This is going to be one of those days where your average Trojan downloader get spammed at an approximate rate of a dozen per minute. We’ve just received another malware sample that downloads TROJ_SMALL.CPO and another yet unidentified file.
This downloader is attached to an email that uses social engineering to trick the users into opening the attachment. Presenting itself as an official looking email from a credit card service company, it instructs the user to verify the “payment details” contained in the attachment. The email details are as follows:


FROM:
Cihost Billing Management


SUBJECT:
[paycheck 322082] Credit Card Chargeback


BODY:
Sir,


We have received a notice from your card service stating that there was a chargeback made by the owner of the card that you paid for your account with. This is a very serious matter.


I have deducted the amount of the chargeback, GBP 102.10, from your account and added our standard fee of GBP 23.95 as well. (You can see your payment details in attachment.)


If there was some mistake, please let us know immediately so that we can get this situation resolved. We ask that you have the chargeback removed as soon as possible, as our account has already been debited for the amount in question.


If you would prefer to make your payment using a new payment method that would be fine as well (you can use a different credit card or you may send a money order payable to Cihost).


This is a time sensitive issue and must be resolved promptly at the request of the card service. Please email the billing team using the Web Administration Panel with information about how you are going to deal with this situation.


I thank you for your time and hope to hear from you soon.


See your payment details in attachment.


Sincerely,


Frank J. Cornwell


Cihost Billing Management


In light of the downloaders being spammed left and right, now might be a good time to reiterate a basic security practice: don’t open files attached to a suspicious email.


Note: A solution is currently underway for this threat and we’ll keep you posted for updates.


Update (Jasper, Wed, 23 Aug 2006 04:11:54 PM)
This threat will be detected as TROJ_SMALL.CPM. We’ll update you when the pattern is deployed.


Update (Jasper, Thu, 24 Aug 2006 10:00:22 AM)
The pattern for this malware has already been deployed in CPR 3.672.06.


No related posts.



  • 個人のお客さま向けオンラインショップ
  • |
  • 法人のお客さま向け直営ストア
  • |
  • 販売パートナー検索
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • 電子公告
  • ご利用条件
  • プライバシーポリシー
  • Copyright © 2021 Trend Micro Incorporated. All rights reserved.