Attached trojan installer poses as invoiceSecurity researchers warn of a new attack targeting Western Union customers. Fake e-mails claim to be notices of failed transfers warranting a refund. The invoice file attached is, actually, a computer trojan.
In these hard times, economically wise, few people are bound to refuse the chance of cashing in some free money. Unfortunately, malware distributors are also aware of this and, as always, are trying to profit from the social impact of the economic recession.
E-mails with subjects like "Western Union Transfer MTCN: ##########" (where # is a random digit) have been recently caught by spam traps. "The money transfer you have sent on the 13th of March has not been collected by the recipient. According to the Western Union agreement, the transfers which are not received in 15 days are to be returned to sender," their message reads.
At this point, one might be thinking that, even if they were not the intended recipient and this e-mail might have reached them accidentally, they could still get the money. And the social trickery continues, as it is apparently easy to do so, because "To collect cash you need to print the invoice attached to this e-mail and visit the nearest Western Union branch."
So, you now have two reasons to open the attached file. For one, to see how much money you could potentially get for free and if it's worth making a trip to the nearest Western Union, and, secondly, you need the document contained. Too good to be true?
Of course, because "opening the attached file wouldn't be the smartest move you've ever made in life, as it contains a malicious Trojan horse," according to Graham Cluley, senior technology consultant at antivirus vendor Sophos.
But there's more to this e-mail. "Interestingly, the malicious emails append some text to the bottom of each message to make it appear as though your mail gateway has scanned the message and determined it not to be spam," Mr. Cluley explains. This is not a new technique, but it certainly adds to its credibility.
This latter threat continues on the trend of spam campaigns targeting financial institutions. Just a few days ago, we reported about a similar scheme aimed at tricking WorldPay costumers through fake transaction-confirmation e-mails and, of course, accompanying invoices.