Western Union malware attack launched

Western Union malware attack launched

Western Union has become the latest firm to have its brand hijacked by phishers, with a flood of trojan-laden e-mails purporting to come from the money transfer outfit hitting inboxes.

Security firm Sophos says its labs have spotted e-mails claiming to be from support@westernunion.com with subject lines such as "Western Union Transfer MTCN: 2048922446".

The message claims a money transfer sent by the e-mail recipient failed to be collected. The victim is told to recoup their money by printing an attached invoice and taking it to a Western Union branch.

However, the attachment, a file called WesternUnion_SPL90710021.zip, contains a malicious Trojan horse called Troj/Agent-JZY.

Graham Cluley, senior technology consultant, Sophos, suggests the attack is unlikely to fool all but the most gullible.

"If you haven't sent any money via Western Union, then why would they be telling you it failed to be delivered properly? Common sense is your friend. It's just such a shame that it doesn't seem to be very common," says Cluley.

Comments: (2)

A Finextra member
A Finextra member 01 June, 2009, 15:43Be the first to give this comment the thumbs up 0 likes

I had to click on this "news" out of curiousity...it all seems so five years ago. Every day, many major brands have countless numbers of phishing attacks launched in their names. What's news about this?

Paul Penrose
Paul Penrose - Finextra - London 01 June, 2009, 16:43Be the first to give this comment the thumbs up 0 likes

Blame it on a slow newsday - and the fact that the Trojan payload distinguished it from the usual spoof Web redirect (which I'll grant you does give off a nostalgic legacy vibe)