An attack currently under way attempts to trick victims with an e-mail that purports to request verification of a payment to a major company, but instead carries a Trojan.
E-mail security company Cloudmark reports seeing more than 1.6 million of the attack e-mails, which bear a subject of “payment request from” followed by a company name such as eBay or J. P. Morgan Chase and Co. The body of the message says that to decline the payment, the recipient must download and install an attached “transaction inspector module.”
The .zip file attachment, of course, is no module, but a Trojan. In a post that includes screen shots of some attack samples, Trend lists the Trojan as TROJ_AGENTT.WTRA.
As always, your best bet to guard against the malicious e-mail attachments used in these kinds of social-engineering attacks is to upload attachments to a site such as Virustotal.com, which will scan the attachment using 40-odd different antivirus engines. There’s no guarantee that Virustotal.com will positively ID a threat, but you have much better odds with 40 engines than with the one used by your installed antivirus.
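For mail administrators, the traits described above (the "payment request from" subject, the "transaction inspector module" lure and a .zip attachment) can be checked before a message reaches an inbox. The following is an added example, not code from Cloudmark or Trend: it triages a raw message and records each archive's SHA-256 so it can be looked up on a multi-engine scanner. The function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import hashlib
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the article: subject prefix and the lure phrase in the body.
SUBJECT_RE = re.compile(r"^\s*payment request from\s+\S", re.IGNORECASE)
BODY_PHRASE = "transaction inspector module"
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".js", ".vbs")  # assumption: payload types to flag

def triage(raw_bytes):
    """Return a dict describing how closely a raw message matches the campaign."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    report = {"subject_match": bool(SUBJECT_RE.search(msg["subject"] or "")),
              "body_match": BODY_PHRASE in text.lower(), "zip_attachments": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Check the ZIP magic bytes as well, so a renamed archive is not missed.
        if not (name.lower().endswith(".zip") or data[:4] == b"PK\x03\x04"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            names = []  # corrupt or not really a ZIP; the hash is still recorded
        report["zip_attachments"].append({
            "name": name, "sha256": hashlib.sha256(data).hexdigest(),
            "risky_members": [n for n in names if n.lower().endswith(RISKY_EXT)]})
    report["quarantine"] = bool(report["zip_attachments"]) and (
        report["subject_match"] or report["body_match"])
    return report

def build_sample():
    """Constructed sample message; the ZIP holds a harmless text placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("inspector_module.exe", b"placeholder, not a real executable")
    m = EmailMessage()
    m["Subject"] = "Payment request from Example Corp"
    m.set_content("To decline the payment, install the attached transaction inspector module.")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="module.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```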