Spam Exploiting Western Union Brand Downloads Trojan

Researchers at Sunbelt Software have spotted an executable Trojan in the wild that arrives through an attachment to spam mails posing to send in a Western Union notification of money transfer. SCMagazineUS published this information on January 29, 2008.

For folks who have never received any Western Union transfer, this is simply another excuse for spam. But people who get transfers from Western Union could find this e-mail damaging.

According to Sunbelt Software's report published on January 29, 2008, the payload of the latest spam mail is a Trojan. As the Trojan gets loaded and executed, a text file, looking fairly legitimate, comes in sight of the victim. The Trojan, known as Troj/Ransom-A, creates several new files with .exe extension on a system running Windows operating system. It then tells the user that the erased files are stored in a concealed directory and would be substituted if the operating system is uninstalled.

Security experts at Sunbelt Software said that this new Trojan is a ransom ware that freezes the system after infecting it to follow with a demand for money from the affected user to restore the system. The e-mail then instructs the user to send the amount demanded to the hacker via Western Union.

Malware Researcher, Adam Thomas, for Sunbelt Software, said that the e-mail attachment that pretends to be the transfer document actually loads a keylogger program onto the end-users' system to gather personal information, like usernames and passwords, after which, the malware transmits that data to a third-party site. SCMagazineUS published Thomas' statement on January 29, 2008.

Thomas added that the attack technique is rather unsophisticated, pointing at the inaccurate name of the e-mail recipient and the presence of an executable file, which does not automatically open in majority of the e-mail clients.

The attacker used Western Union as bait to lure recipients possibly because that's the technique the miscreants use to remit money, Thomas said.

President and Chief Executive Officer, Alex Eckelberry, said that the e-mail claims that Western Union has transferred $3,750 to the recipient along with a transfer sheet and tracking number. SCMagazineUS published Eckelberry's statement on January 29, 2008.

Related article: Spam Scam Bags a Scottish Connection

» SPAMfighter News - 2/8/2008