A series of new spam emails that target computer users and attempt to infect them with a variant of a ZBOT trojan have been discovered.
The e-mail attempts to persuade a recipient to open an attachment and claims that the said attachment contains a payment confirmation for the recipient. However, the “TTcopy.zip” attachment contains a malicious “TTcopy_pdf.exe” file that, when executed, attempts to infect the system with malicious code.
The e-mail message contains the following “Subject” and “Message Body”:
Subject: TT copy of payment
Message Body:
Hello,
Kindly find attached TT copy of payment made to your account today as balance payment on behalf of your customer and the documents, pls sign/stamp and send back to me asap. Kindly confirm that the amount/bank details are correct as and the same with
the one your colleague gave us to make payment with. I await your urgent confirmation and response.
Thanks and best regards.
Management.
If you come across such emails, DO NOT open the attachment. Instead, delete the email and keep your Quick Heal antivirus updated. Quick Heal detects the malicious attached file as TrojanSpy.Zbot.gfld; so our users are already protected.
We additionally recommend that users do not open such attachments from any other unknown emails as well.