Western Union malware attack launched
29 May 2009 | 9369 views | 2
Western Union has become the latest firm to have its brand hijacked by phishers, with a flood of trojan-laden e-mails purporting to come from the money transfer outfit hitting inboxes.
Security firm Sophos says its labs have spotted e-mails claiming to be from email@example.com with subject lines such as "Western Union Transfer MTCN: 2048922446".
The message claims a money transfer sent by the e-mail recipient failed to be collected. The victim is told to recoup their money by printing an attached invoice and taking it to a Western Union branch.
However, the attachment, a file called WesternUnion_SPL90710021.zip, contains a malicious Trojan horse called Troj/Agent-JZY.
Graham Cluley, senior technology consultant, Sophos, suggests the attack is unlikely to fool all but the most gullible.
"If you haven't sent any money via Western Union, then why would they be telling you it failed to be delivered properly? Common sense is your friend. It's just such a shame that it doesn't seem to be very common," says Cluley.