By Luis Chapetti – Security Researcher
With the steady growth of eCommerce and the services developed to safely conduct it, the popularity of PayPal’s BillMeLater has attracted the attention of spammers. Barracuda has intercepted large amounts of spam targeting BillMeLater’s users with an email containing a zip file that launches a Trojan dropper. This Trojan dropper has been crafted to appear “new” and evade anti-virus detection. Once infected, the user’s machine quietly downloads and installs other malware that may have initially been blocked.
It is important to remember that spammers often deploy the same tactics through different guises. In this instance, they are trying to capitalize on the user’s sense of urgency to get them to click on links and open files. If you see this sort of email, don’t react abruptly. Instead, open a browser and navigate directly to the website of the service to determine your account activity status.