Don't open Worldpay_NR9712.zip!

Filed Under: Malware, Spam

Although so many hackers choose to attack innocent computer users via websites today, that doesn't mean that malware spread via email attachment is dead.

Take this example, for instance, which we have seen in large numbers in our spamtraps today. The emails, which have the subject "Worldpay CARD transaction Confirmation", claim that you have made an order with Amazon, and that a record of your payment is included in the attached file - called Worldpay_NR9712.zip.

Email claiming to be Amazon invoice via Worldpay

Of course, opening the attached file is a very bad idea indeed.

Sophos users are protected against the Trojan horse proactively as it is detected as Mal/WaledPak-A; with our products providing detection of this malware at the email gateway and at the desktop. In addition, the emails are stopped as spam by our anti-spam solutions.

However, users of products from other security vendors would be wise to check that their products are properly protecting against this latest attack wave.

Worldpay malicious email list

It wouldn't be surprising if some people did open the malicious attached file, concerned that they were being billed for a purchase they hadn't made. This is a trick that the bad guys have been using for years. Take a look at this example from last month, for instance.

Hackers know if you think that your credit card has been debited without your permission that you're more likely to click on an attachment without thinking about the possible consequences. Don't make life easy for them - think before you click.

, ,

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.