Although so many hackers choose to attack innocent computer users via websites today, that doesn't mean that malware spread via email attachment is dead.
Take this example, for instance, which we have seen in large numbers in our spamtraps today. The emails, which have the subject "Worldpay CARD transaction Confirmation", claim that you have made an order with Amazon, and that a record of your payment is included in the attached file - called Worldpay_NR9712.zip.
Of course, opening the attached file is a very bad idea indeed.
Sophos users are protected against the Trojan horse proactively as it is detected as Mal/WaledPak-A; with our products providing detection of this malware at the email gateway and at the desktop. In addition, the emails are stopped as spam by our anti-spam solutions.
However, users of products from other security vendors would be wise to check that their products are properly protecting against this latest attack wave.
It wouldn't be surprising if some people did open the malicious attached file, concerned that they were being billed for a purchase they hadn't made. This is a trick that the bad guys have been using for years. Take a look at this example from last month, for instance.
Hackers know if you think that your credit card has been debited without your permission that you're more likely to click on an attachment without thinking about the possible consequences. Don't make life easy for them - think before you click.