'Advance Payment Received' Email Virus Description
The 'Advance Payment Received' email virus represents a spam email campaign distributing a malware threat. The emails are crafted to appear as if a user's deposit payment has been accepted or pre-processed. The attached file supposedly contains the order details. To give themselves a bit more legitimacy, the emails end with contact details for Cox Enterprises, Inc., a global conglomerate operating in the automotive service, communication, and media industries.
This is all fake, though, and Cox Enterprises, Inc. is in no way connected to the dissemination of these corrupted emails. Indeed, no part of the information inside the emails is real. They are simply acting as a lure to get the targeted users to open the attached file, 'dep_det_3444608.docm,' resulting in the malware inside it being executed. The malware delivered through the emails has been identified as Zloader, a first-stage payload threat that is tasked with downloading and executing additional malware payloads onto the compromised system.
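As an added illustration, not code from the original article, the following script shows the triage rule a mail gateway could apply to the lure described above: a macro-enabled Office attachment (.docm and its relatives) arriving with a payment-themed subject is quarantined rather than delivered. The sample message is constructed to mirror the described campaign; the sender, recipient and the `triage` helper are hypothetical.

```python
import email
import os
from email import policy

# Macro-enabled Office extensions a gateway should treat as high risk (assumed set).
MACRO_ENABLED = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".potm"}
# Words typical of the payment-themed lure described in the article.
PAYMENT_WORDS = ("payment", "deposit", "invoice", "order")

# Constructed sample modelled on the 'Advance Payment Received' lure (not a real capture).
SAMPLE_EML = b"""From: accounts@example.invalid
To: victim@example.invalid
Subject: Advance Payment Received
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your deposit payment has been pre-processed. Order details attached.
--b1
Content-Type: application/vnd.ms-word.document.macroEnabled.12; name="dep_det_3444608.docm"
Content-Disposition: attachment; filename="dep_det_3444608.docm"
Content-Transfer-Encoding: base64

UEsDBAo=
--b1--
"""


def triage(raw: bytes) -> dict:
    """Parse one raw RFC 822 message and return its subject, attachment names and a verdict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    attachments = [a.get_filename() or "" for a in msg.iter_attachments()]
    # Flag by extension, not by Content-Type: the declared MIME type is attacker-controlled.
    macro_files = [f for f in attachments if os.path.splitext(f.lower())[1] in MACRO_ENABLED]
    payment_lure = any(w in subject.lower() for w in PAYMENT_WORDS)
    if macro_files and payment_lure:
        verdict = "quarantine"   # macro document plus payment lure: block and alert
    elif macro_files:
        verdict = "review"       # macro document without the lure: hold for analyst review
    else:
        verdict = "allow"
    return {"subject": subject, "attachments": attachments,
            "macro_files": macro_files, "verdict": verdict}


if __name__ == "__main__":
    print(triage(SAMPLE_EML))
```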
The final payload of the 'Advance Payment Received' email virus is the Zeus banking Trojan. As its name suggests, this particular threat is designed to specifically target and harvest sensitive user information such as banking, payment, or finance details.
It can also take arbitrary screenshots and extract data copied into the clipboard. Upon receiving the required commands from the cybercriminals responsible for this campaign, Zeus also can fetch and deploy additional malware onto the infected system, including other Trojans, ransomware, cryptominers, etc.
Opening any files attached to emails from senders the user doesn't recognize or has no recollection of ever contacting is extremely risky. Exercise caution, use a professional anti-malware solution and keep it as up-to-date as possible.