Fake Payment Confirmation’ scam emails

  • 1

A series of new spam emails that target computer users and attempt to infect them with a variant of a ZBOT trojan have been discovered.

The e-mail attempts to persuade a recipient to open an attachment and claims that the said attachment contains a payment confirmation for the recipient. However, the “TTcopy.zip” attachment contains a malicious “TTcopy_pdf.exe” file that, when executed, attempts to infect the system with malicious code.

The e-mail message contains the following “Subject” and “Message Body”:
Subject: TT copy of payment

Message Body:
Kindly find attached TT copy of payment made to your account today as balance payment on behalf of your customer and the documents, pls sign/stamp and send back to me asap. Kindly confirm that the amount/bank details are correct as and the same with
the one your colleague gave us to make payment with. I await your urgent confirmation and response.
Thanks and best regards.

If you come across such emails, DO NOT open the attachment. Instead, delete the email and keep your Quick Heal antivirus updated. Quick Heal detects the malicious attached file as TrojanSpy.Zbot.gfld; so our users are already protected.

We additionally recommend that users do not open such attachments from any other unknown emails as well.

Anand Yadav

Anand Yadav


Your email address will not be published.


  1. Thanks anand for updating us with one more new scam

  2. Thanks For sugesstion

  3. I get many such mails on a daily basis, and I have filtered them to go to the Spam folder, from where they are deleted without even opening. RBI has been warning all not to respond to such offers of winnings, legacies, etc for they but scams. I know of a couple of people who have been cheated out of their savings though such scams.
    Recently Quick Heal started a campaign asking their users to forward to them sms/text messages informing of winnings in various promotion campaigns, lotteries. Ever since I forwarded 3 such messages, I have not received any. Thanks, Quick Heal!

  4. Thanks…..

  5. Avatar PVSA Hari KowtilyaOctober 31, 2012 at 6:24 PM

    Doesn’t the Quick Heal have antivirus database for this type of virus? If there, is it updated hitherto?

  6. Thanks for the post, recently one incident occurred at our place, one person already lost around rs. 120000 in such scam.

    One more thing we can check that domain names of such mails, it is a common sense that any official mail regarding money or job can’t come from personal mail id. So be alerted…


  7. Thanks

  8. Avatar Basak PradeepOctober 31, 2012 at 9:46 PM

    Thanks, Anand, vrey useful suggestion,must be follwed……

  9. Avatar santanu duttOctober 31, 2012 at 11:45 PM

    it is a nice informatiom. so i am now not opening the attachments without scanned by quick heal also this type of attachment never. thank u quick heal teams.

  10. Avatar M.ThiagarajanNovember 1, 2012 at 8:33 AM

    Dear Sir,

    Thanks for your alert. Keep up the good work.


  11. Thanks for update!!

  12. Avatar Raghu Nandan SharmaNovember 1, 2012 at 11:02 AM

    Your alert are quite informative. Thanks for such informations. I regularly got SMS on my Molile that your Mobile number has won 1,00,000 pounds. Such SMS I used to delete without opening. My advise to all readers that they must delete such messages if receive on mobile or on email.

  13. ok…

  14. I continuously receive these So called ‘Mobile Prize winning’ Sms’s ! Presumably from Nigerian Scamsters ! Spoke to certain Poilce Officers on a Personal level, they don’t seem to be bothered to track them down ! Would Quick Heal be interested in these Fwd’d so that atleast QH can then inform Rest of Clients ?? Any particular Mob/Email address to Fwd to ?

    • Rahul Thadani Rahul ThadaniNovember 1, 2012 at 2:10 PM

      Hi Minoo,
      Yes you can forward such messages to +91-86000-44733.

    • Avatar Soubhagya DeepNovember 1, 2012 at 6:23 PM

      I too receive these SMSs especially on my BSNL sim. The other day sister also received it and was about to respond when I was able to stop her the last minute. People need to be aware about this. Why mobile operators do not filter them?

  15. I also received one saying just:
    re invoice attached.
    I have not opened any attachments because, I don’t recognize the sender, but curiosity is a huge motivator to open.