Issue 119 - October 2011 - Page 14
Western Union 'Money Transfer' Trojan Email
Email purporting to be from Western Union claims that the recipient has "received a remittance" and should open an attached file to access more information about a supposed money transfer.
The email is not from Western Union and the attached file does not contain information about a money transfer. Instead, the attached file contains a trojan that can allow cybercriminals to take control of your computer.
Detailed analysis and references below example.
Last updated: 14th September 2011
First published: 14th September 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer
Subject: WESTERN UNION: MONEY TRANSFER FOR YOU
DEAR CONSUMER , You have received a remittance, more information about the money transfer is in the attached file.
Money Order can be cashed at any branch or bank in Your city
All for You , WesternUnion Holdings Inc
TEST QUESTIONS: Test Questions may be used with some Services if the principal amount of the money transfer does not exceed USD999.99. In the U.S, and many destinations outside the U.S., a money transfer that includes a test question will be paid to the Receiver if the Receiver can provide the correct answer to the Test Question or can provide valid identification. In some Destinations Receiver may be required to provide identification, a test question answer or both to receive funds in cash. Test Questions are not an additional security feature and cannot be used to time or delay the payment of a transaction and are prohibited in certain countries. Please contact at the customer service telephone number listed below for current information regarding the availability of test question for Your selected destination
Attachment Name: WesternUnion_Inc-l5270758.zip
Payload Name WesternUnion_received_ID5633865642.doc__________________________.exe
According to this email, which purports to be from financial services company Western Union, the recipient has "received a remittance" and should open an attached file to view details about this supposed money transfer.
However, the email is certainly not from Western Union and the attachment does not contain information about a money transfer. In fact, the attachment contains a trojan
that, once installed, can give Internet criminals access to the compromised computer. Those who open the attached .zip file, will find a second file that, at first glance, may appear to be a harmless Word document (.doc) file. In an oft used ruse, the scammers have given the malicious payload a name with a double file extension with a long gap between the two extensions. They hope that unwary recipients will therefore see only the .doc extension and, because of the gap, miss the .exe extension. Of course, the real extension is .exe, denoting that it is an executable file, not a Word document.
Versions of the malware emails have been distributed since late August 2011. While all versions refer to a supposed Western Union money transfer, subject lines, attachment names and other details may vary. Bogus emails
claiming to be from Western Union have also been repeatedly used
by scammers as a means of tricking people into revealing personal and financial information. Western Union will never send
you an unsolicited email that asks you to review information or supply personal details by opening an attached file or by following a link. Any such email should be treated with suspicion.
Western Union money transfer email disguises Trojan attack
Western Union 'Too Many Login Attempts' Phishing Scam
Western Union Unauthorized Transaction Phishing Scam
Western Union - Suspicious (Phishing) Email
Pages in this month's issue:
- Jordon Mills Prayer Request
- Amy Bruce Charity Hoax Revisited
- 'Australian Taxation Office 'New Rules' Malware Emails
- Bogus Facebook Virus Warning - 'Pornographic Movies Posted On Our Behalf'
- Are UK Companies Required by Law To Transfer 0800 Callers to UK Based Reps If Requested?
- Australia Post Undelivered Package Malware Emails
- Hoax: Picture of Shark Swimming in Flooded Street After Hurricane Irene
- Circulating Health Warning: Beware of Little White and Black Caterpillars
- Harly A. Andrews Prayer Request
- UEFA EURO 2012 Email Draw Advance Fee Scam
- Farmville White Gift Box Virus Warning Hoax
- Sleazy Online Dating Emails Carry Malware
- 'New Antivirus Update for Windows' Scam Email
- Western Union 'Money Transfer' Trojan Email
- Bob Katter and the 'Labor Party's Worst Nightmare' Polemic
- Hoax - Collect Bottle Caps For Free Cancer Chemotherapy Treatment
- 'Your Credit Card is Blocked' Malware Emails