RSS feed of TRACElabs Blog from M86 Security

New Pushdo Campaign

April 24, 2009

Today we began to see a new malicious spam campaign from the Pushdo botnet. The message claims to be from Amazon and states that ‘your payment’ has been processed by WorldPay (an Internet payment processor) and that the invoice file is attached. All of the messages have the subject ‘WorldPay CARD transaction Confirmation’.

The attachment is a zip file containing an executable file. This file is detected by only a small number of anti-virus engines, which identify it as a spybot.

This campaign is a variant of earlier Pushdo campaigns that claimed an invoice from Delta Airlines or UPS was attached. Those messages also carried an executable inside a zip file.
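A mail-gateway style check for the delivery pattern described above (a zip attachment holding an executable), as an added example that is not part of the original post. The extension list, the file names and the sample message are constructed assumptions; only the subject line comes from the post.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_EXTS = (".exe", ".scr", ".pif", ".com")  # assumed list, not from the post

def executables_in_zip(data):
    """Return names of zip members that look executable by extension or 'MZ' header."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                by_name = info.filename.lower().endswith(EXEC_EXTS)
                try:
                    with zf.open(info) as fh:
                        by_magic = fh.read(2) == b"MZ"
                except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                    by_magic = False  # encrypted or unreadable member: rely on the name
                if by_name or by_magic:
                    hits.append(info.filename)
    except zipfile.BadZipFile:
        pass  # payload is not a zip archive
    return hits

def scan_message(raw):
    """Map each attachment's filename to the executable members found inside it."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        hits = executables_in_zip(payload)  # non-zip payloads simply yield []
        if hits:
            findings[part.get_filename() or ""] = hits
    return findings

def build_sample():
    """Constructed sample: the post's subject line plus a zip holding an inert 'MZ' stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.exe", b"MZ" + b"\x00" * 62)  # stub bytes, not a real program
    msg = EmailMessage()
    msg["Subject"] = "WorldPay CARD transaction Confirmation"
    msg.set_content("Your payment has been processed.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

Because the check inspects archive contents rather than relying on an anti-virus verdict, it still flags the attachment when few engines detect the payload, and the header test catches a member renamed to a harmless-looking extension.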

Hopefully we shouldn't have to remind anyone that running executable attachments in unsolicited email is not a good idea.


Last Reviewed: April 24, 2009 by Gavin Neale