Trojan-embedded Spam Mails Target Western Union Money Transfer

According to Sophos, an e-mail spam campaign from malware distributors has attacked Western Union Money Transfer.

The malicious e-mails that have reportedly arrived displaying "Western Union Transfer MTCN: <random number>" as the header, address the recipient as "Dear Customer." They then falsely inform him that the person who was supposed to collect the money transferred on March 10, 2009 hadn't done so.

Thus, to take back the money, the spam mail directs the recipient to open an invoice attached as a Zip file and take a print of it. The printed invoice should be deposited at the local Western Union office. The message subsequently concludes by thanking the reader.

Graham Cluley, Senior Technology Consultant, Sophos, states that opening the attached file leads to the loading of a nasty Trojan virus that Sophos has recognized as Troj/Agent-JUC, as reported by SOFTPEDIA on May 9, 2009.

Furthermore, the e-mails are particularly interesting because they add a special text below each message that makes the recipient think that the message has been scanned at his mail gateway and found to be legitimate. Precisely, the messages show "no spam" at their end. This perhaps, according to security experts, is to lend a touch of authenticity to the e-mails.

Meanwhile, the Trojan has not just affected Western Union Money Transfer by spreading through spam mails. It has also been used in a similar campaign for malware distribution against customers of WorldPay, a unit of Royal Bank of Scotland. Cyber criminals have been sending their malicious e-mails to WorldPay customers with the Trojan embedded in them.

Security researchers state that invoices zipped in attachments is a long standing technique that malware distributors have been using. Often, e-mail recipients end up downloading malware in the excitement and curiosity built by the unexpected e-mails.

In the meantime, with two very familiar financial institutions becoming targets of malware distributors, security specialists note that apparently the con artists are returning on the Net with their traditional tricks of propagating malicious code by infecting users' PCs with spam mails that are embedded with malware.

Related article: Trojans to Target VoIP in 2006

» SPAMfighter News - 5/20/2009