Malware download from “eBay GMBH” (German Ebay)

Clearly not from the German version of eBay, but posting this here just in case anyone gets the same email and Googles for it.

Invoice for [redacted] still open: Number 19879661
Sent By: Inkasso Ebay GmbH   On: Apr 04/22/15 12:59 AM
Forderung an [redacted].22 04.2015-Inkasso Ebay GmbH.zip (130 KB) | Download

Dear customer [Redacted], your bank has reversed the direct debit. You have an unsettled claim with the company Ebay GmbH.

Because of the existing payment arrears, you are also obliged to bear the costs of 43,90 Euro incurred by our engagement. We expect full payment to our bank account by 24.04.2015. On behalf of our client, we call on you to settle the outstanding claim immediately. If you have questions or anything is unclear, we expect you to contact us within the same period.

Please note that no further reminder will be sent. After the deadline expires, the file will be handed over to the court and to Schufa. A complete statement of costs, from which you can see all postings, is attached.

Kind regards

Inkasso Voigt Marlon

Warning: This is a scam. Do not open any attached files!

Summary: I have an open invoice because of a declined charge with Ebay Germany. If I don’t pay immediately, a collection company will come after me and I’ll be reported to the General Credit Protection Agency. Notice that ZIP file up there in red, supposedly an invoice. Unzip it, and there’s another zip file. Unzip that, and there’s a file called

[redacted] Forderung 22.04.2015 – Inkasso Ebay GmbH.com (meaning, supposedly, a demand for collection.)

That’s a .COM file, or rather a simple executable file… in other words, a program. These are BAD NEWS for anyone who is foolish enough to open them. They’re just as bad as .EXE files. NEVER OPEN AN EXE OR COM FILE UNLESS YOU KNOW EXACTLY WHAT IT IS AND WHOM IT’S FROM.
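The attachment layout described above (a ZIP inside a ZIP, ending in a file with a .COM extension) can be checked without ever extracting or running anything. The following is an added example, not part of the original post: `scan_zip`, `build_sample`, the extension list and the size limits are assumptions chosen for illustration, and the sample archive is constructed in memory with a harmless stub.

```python
import io
import zipfile

RISKY_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd", ".js", ".vbs"}  # not exhaustive
MAX_DEPTH = 5                  # stop on deeply nested archives (zip-bomb guard)
MAX_MEMBER = 50 * 1024 * 1024  # refuse to inflate members larger than this


def scan_zip(data, depth=0, path=""):
    """Return (path, reason) findings for a ZIP held in memory, following nested ZIPs."""
    findings = []
    if depth > MAX_DEPTH:
        return [(path, "nesting too deep")]
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(path, "unreadable archive")]
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = f"{path}/{info.filename}" if path else info.filename
            if info.flag_bits & 0x1:
                findings.append((name, "encrypted member, cannot inspect"))
                continue
            if info.file_size > MAX_MEMBER:
                findings.append((name, "member too large to inspect"))
                continue
            body = zf.read(info)
            ext = "." + info.filename.rsplit(".", 1)[-1].lower() if "." in info.filename else ""
            if ext in RISKY_EXTS:
                findings.append((name, f"executable extension {ext}"))
            elif body[:2] == b"MZ":
                findings.append((name, "MZ header under a non-executable name"))
            if body[:4] == b"PK\x03\x04":  # nested ZIP: recurse into it
                findings.extend(scan_zip(body, depth + 1, name))
    return findings


def build_sample():
    """Constructed sample: a ZIP inside a ZIP holding a harmless stub named *.com."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("Forderung 22.04.2015 - Inkasso Ebay GmbH.com", b"MZ" + b"\x00" * 62)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()
```

Calling `scan_zip(build_sample())` reports the `.com` member with its full nested path, which is the signal a mail filter would use to quarantine the message.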

Interestingly enough, I ran a virus check on this file and it came up with nothing. However, submitting it to VirusTotal.com came up with this:

[Image: VirusTotal scan results for the file]

In other words, it’s a nasty. The anti-virus programs indicated came up with multiple offenders for this file – one example that I followed for illustrative purposes was Packed.Win32.Katusha.o, which is a Trojan that can connect to a remote IRC server once it has infiltrated a PC. Packed.Win32.Katusha.o will download harmful files from the server that will damage the infected machine even further.

If you run this insidious program, you have just opened wide a door to the criminal element, and your computer will be infected with keyloggers, other trojans, made part of a botnet of spamming computers, infected with the dreaded CryptoLocker, or who knows what else. It will, at the very least, cause you inconvenience, and at the very worst destroy all your files, give criminals access to your personal data and/or your email accounts, and cost you lots of money. These people are horrible individuals. They want only one thing – to make money at your expense, and they don’t care how they do it.

Don’t ever fall victim to them.

The Old Wolf has spoken.


2 responses to “Malware download from “eBay GMBH” (German Ebay)”

  1. I recently had another kind of German malware. I trashed it before copying the text, but it was something to the effect that I am supposedly paying my (German) HMO too much money, and the new reduced rate sheet is enclosed. Well, guess what? I live in Israel. I have never been to Germany. So boo-hoo-hoo and poor you, Mr./Ms. Virusmonger, I didn’t get fooled.
