Email notification regarding your debt at the service BillMeLater contains email threat
September 19, 2012
MX Lab, http://www.mxlab.eu, is intercepting messages about a debt owed to the Bill Me Later service, a company that was acquired by eBay in 2008 and is now part of PayPal. The messages contain a security threat and are sent with various subjects like:
Immediately pay off the debt! #id81490
We will file a charge against you. #id80119
You must immediately pay off the debt! #id40754
….
The email is sent from the spoofed address “Ebay <customer@ebaybill.com>” and has the following body (a single image email):

The included URL leads to a host where a malicious payload is present. The file INVOICE_FORM.zip is downloaded, which contains the compressed file INVOICE_FORM.exe.
The trojan is known as Suspect.Trojan.Generic.FD-4, Trojan.Win32.Tobfy!IK, Trojan.Win32.Tobfy or HEUR:Trojan.Win32.Generic.
At the time of writing, 6 of the 42 AV engines detected the trojan at VirusTotal.
VirusTotal permalink and SHA256: bd5e2868987d59cd24ed748cbcc489396eb782ddbf6e207395b0d80c5521b017.
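
A triage check for a download like the one described above, as an added example that is not part of the original post: it inspects a ZIP in memory, flags executable members by name and by file header, and compares hashes against the SHA256 quoted above. The function names, the extension list and the size cap are choices made for this example, and the sample archive is constructed and harmless.

```python
import hashlib
import io
import zipfile

# SHA-256 from the article; ZIP or EXE is not stated, so both are compared (assumption).
KNOWN_SHA256 = {"bd5e2868987d59cd24ed748cbcc489396eb782ddbf6e207395b0d80c5521b017"}
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # do not inflate anything larger


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def triage_zip(blob: bytes) -> list:
    """Return reasons to quarantine a ZIP; nothing is written to disk or run."""
    findings = []
    if sha256(blob) in KNOWN_SHA256:
        findings.append("archive: hash matches known sample")
    try:
        archive = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return findings + ["archive: not a valid ZIP"]
    with archive:
        for info in archive.infolist():
            name = info.filename
            if name.lower().endswith(EXECUTABLE_EXTS):
                findings.append(f"{name}: executable extension")
            if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER_BYTES:
                findings.append(f"{name}: encrypted or oversized, not inspected")
                continue
            data = archive.read(info)
            if data[:2] == b"MZ":
                findings.append(f"{name}: Windows executable header (MZ)")
            if sha256(data) in KNOWN_SHA256:
                findings.append(f"{name}: hash matches known sample")
    return findings


def build_sample() -> bytes:
    """Constructed, harmless stand-in that reuses the file name from the article."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("INVOICE_FORM.exe", b"MZ" + b"\x00" * 62)  # header bytes only
    return buf.getvalue()


if __name__ == "__main__":
    print("\n".join(triage_zip(build_sample())))
```

The extension test runs before the encryption check because member names stay readable in an encrypted ZIP even when the content does not.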

I received such an email last week as you have shown, showing Ebay logo and Billmelater/Paypal.
I was so pleased to find your website and see the exact copy.
It took a lot of relief from my mind.
Would be nice if you include a link to the sample in the article.
Here is Las Vegas, I just received these exact emails in my google spam mail box. Of course, I immediately deleted them.
I meant to say, “here IN Las Vegas…” sorry
Same, I just received this in my school email account. Scared for a minute until I found this website!
Hi, I clicked on the link but when prompted for the zip I declined to download it. Any problems with that?