"Wire transfer canceled"? Watch out for spammed-out malware attack


If you've received an email in your inbox telling you that your wire transfer has been cancelled, take care - as it's the latest attempt by online criminals to infect the general public's Windows computers.

Brits (as opposed to Americans) probably won't be as likely to be duped by the spammed-out messages which use the US spelling of "canceled" in the subject line, and claim to come from the Federal Reserve.

Example of malware-infected email

The Wire transfer , recently sent from your bank account , was not processed by the FedWire.
Transfer details attached to the letter.
This service is provided to you by the Federal Reserve Board. Visit us on the web at website
To report this message as spam, offensive, or if you feel you have received this in error, please send e-mail to email address including the entire contents and subject of the message. It will be reviewed by staff and acted upon appropriately

Attached to the emails is a file called PAYMENT RECEIPT 30-04-2013-GBK-75.zip which Sophos products detect as containing the Troj/Zbot-EVX Trojan horse, designed to hijack your computer and - potentially - plunder your finances and steal private information.

Of course, the danger is that unsuspecting computer users will open the malicious email attachment even if they haven't recently tried to wire some cash.

The social engineering trap used in this attack takes advantage of people's natural curiosity, which - in many cases - will drive them to investigate the file even if alarm bells should be ringing.

Up-to-date anti-virus software and software patches can help protect your computer, but the real lesson that internet users need to learn is to not be so trusting of unsolicited emails that arrive out of the blue in their inbox.
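For mail administrators, here is a sketch of a gateway-side check for this lure. It is an added example, not Sophos's detection logic: it matches on the pattern of the attachment name rather than one exact filename, so it also covers the renamed variant a reader reports in the comments below. The function names, the executable-extension list and the sample message (with a harmless placeholder file inside the zip) are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Pattern covers both attachment names mentioned on this page:
#   PAYMENT RECEIPT 30-04-2013-GBK-75.zip and PAYMENT RECEIPT 01-05-2013.zip
LURE_NAME = re.compile(r"^payment[ _-]*receipt[ _-]*\d{2}-\d{2}-\d{4}.*\.zip$", re.I)
LURE_SUBJECT = re.compile(r"wire\s+transfer\s+cancel+ed", re.I)  # US or UK spelling
# Assumption: archive members with these extensions are treated as Windows executables.
EXEC_EXT = (".exe", ".scr", ".pif", ".com")

def score_message(raw: bytes) -> list:
    """Return the reasons a raw RFC 5322 message resembles this campaign."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if LURE_SUBJECT.search(msg.get("Subject", "")):
        reasons.append("subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if LURE_NAME.match(name):
            reasons.append("attachment-name")
        if name.lower().endswith(".zip"):
            try:
                data = part.get_payload(decode=True)
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    if any(n.lower().endswith(EXEC_EXT) for n in zf.namelist()):
                        reasons.append("zip-contains-executable")
            except zipfile.BadZipFile:
                reasons.append("unreadable-zip")  # corrupt archives are suspicious too
    return reasons

def build_sample(attachment_name: str, member: str) -> bytes:
    """Build a constructed test message; the zip member holds placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"harmless placeholder bytes")
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Wire transfer canceled"
    msg.set_content("Transfer details attached to the letter.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=attachment_name)
    return msg.as_bytes()
```

A filename match alone is cheap for the sender to change, so the executable-inside-archive check is the signal that should survive the next rename.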

Image of US money courtesy of Shutterstock.


6 Responses to "Wire transfer canceled"? Watch out for spammed-out malware attack

  1. Julian · 541 days ago

    In the never-ending game of spammer versus spammee, this is one where it's hard to tell who is more stupid. The spammer writes in poor English (spaces before commas, "was not processed by the FedWire"), purporting to come from a US Federal agency and not from any recognizable bank. The only reason this kind of spam is still in operation is that some recipients still think it's potentially genuine, even with the obvious signs that it's not, and even if they haven't made a "wire transfer" recently. (Brits and other Europeans generally use the term "bank transfer" anyway.)

    Natural curiosity is a fine thing and when allied with greed (is there something in it for me?) provides many predatory creatures with their food supply. The one good thing about this is that, if spammers can make a living from no-brainers, there won't be an incentive for them to do anything more fiendish.

  2. LOL · 541 days ago

    I would always recommend checking suspicious attachments using an online service like VirusTotal.

    Sophos is one of the engines they test against

  3. Fred Snoobar · 541 days ago

    Kudos for the *accurate* story. So many stories about viruses simply say "can infect computers" instead of the correct "can infect WINDOWS computers".

    Perhaps some people don't see the difference, they assume most people will have Windows anyway. But the former implies that the virus can infect any computer, and obscures the fact that there ARE computers (or rather, operating systems) that are NOT susceptible to the virus-of-the-day.

  4. LOL · 540 days ago

    FYI this has just morphed - the earlier version was detected by our AV scanners but the new version is currently under the radar. Watch out for PAYMENT RECEIPT 01-05-2013.zip

  5. MikeP_UK · 540 days ago

    We British (we're definitely NOT 'Brits', that annoys so many of us) immediately know this is a scam for the reasons stated, bad spelling, bad punctuation and non UK English too. Few British people send money using 'wire transfer' services as many use internet banking or inter-bank transfers, plastic or the good and useful cheque (yes, they still have their valuable uses).
    So any British person getting this type of email should know at a glance that it is a scam. If they don't recognize it as such then one wonders about their education.

  6. Sheep · 540 days ago

    Haha. These "confident e-mails" even have multiple receivers listed in the e-mail info.


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.