Western Union malware attack rides into inboxes

Our labs are seeing a stampede of emails claiming to come from Western Union’s support team, but are actually carrying a malicious payload in the form of a Trojan horse.

Malicious email claiming to come from Western Union

The emails, which pretend to have been sent from support@westernunion.com, have subject lines such as

Western Union Transfer MTCN: 2048922446

(note that the number is randomly generated) and contain the following message:

The money transfer you have sent on the 1st of April wasn't collected by the recipient.
According to the Western Union regulation the transfers which are not collected in 15 days are to be returned to sender. To collect cash you need to print the invoice attached to this email and visit the nearest Western Union branch.

Attached to the spammed-out emails is a file called WesternUnion_SPL90710021.zip, which, unbeknownst to the unsuspecting recipient, contains a malicious Trojan horse called Troj/Agent-JZY.

Do you really want to fall for a hacker’s trick? Do you want to install code on your computer which could potentially steal your identity, turn your PC into a spam-spewing factory or hand over the reins to a remote hacker who can command your computer to do anything he wants?

I thought not.

So don’t fall for electronic con-tricks like this one – use your common sense. If you haven’t sent any money via Western Union, then why would they be telling you it failed to be delivered properly?

Common sense is your friend. It’s just such a shame that it doesn’t seem to be very common.