Malware scams come and go but the latest incarnation documented by security software vendor Sophos is barnstorming the Internet with unsolicited e-mails purporting to be requests for payment from the world’s most prominent online auction site.
As eSecurity Planet unearthed, this latest textbook example of socially engineered malware is infecting users’ smartphones and PCs with a double dose of spam-spewing malware and serves as a great reminder to never open attachments contained in unsolicited e-mail missives.
“It’s a sneaky piece of social engineering on the behalf of the hackers,” one Sophros executive said. “Many people would be tempted to open the attachment to find out what on earth the email is about.”
Internet users are being warned this week to be on high alert for a new malware campaign that’s using a bogus request for payment from eBay as a front to infect users’ PCs and mobile devices with a variety of spam and malware.
According to researchers at security software vendor Sophos, the ploy begins with an unsolicited email with the subject line “Payment request from” with a phony “eBay@reply1.ebay.com” return email address.
The emails all have a blank message body, according to a blog post by Graham Cluley, a senior technology consultant at Sophos, but have a file called “form.html” attached.
“It’s a sneaky piece of social engineering on the behalf of the hackers,” Cluley wrote. “Many people would be tempted to open the attachment to find out what on earth the email is about.”