Watch out! Widespread wire transfer confirmation emails carry malware


Cybercriminals have widely spammed out a malware campaign today, posing as a confirmation email about a wire transfer.

A typical email looks like this:

Email malware

Subject: Fwd: Re: Wire Transfer Confirmation

Dear Bank Account Operator,
WIRE TRANSACTION: WIRE-[random number]

You can find details in the attached file. (Microsoft Word format)

The precise subject line used by the emails can vary, as the below snapshot demonstrates:

Malware subject lines

Attached to the emails is a file called (obviously the spammers could change this filename at any time) which contains an executable file.

Sophos is adding detection of the ZIP file as Troj/BredoZp-KQ and the Trojan horse contained within as Troj/Bredo-ZT. Users of Sophos’s anti-spam solutions were already protected.

Money transfer. Image from ShutterstockInterestingly, in the example above, the malicious email claims to have come from Habbo Hotel – a virtual community which has had its fair share of bad headlines recently.

Other email addresses in the current “wire transfer” malware campaign claim to come from LinkedIn (just after the exposure of their embarrassing password security), UPS and other seemingly random addresses.

Which makes me wonder – are the spammers just having a laugh at our expense?

The fact is that if you’re reading sites like Naked Security, and keeping informed of the latest threats and tricks used by cybercriminals, you are quite unlikely to be duped by a malware attack like this one.

But there are plenty of other, less security-savvy, people out there. Make it your goal today to get one of the “not-we” clued up about security. Introduce them to Naked Security, and suggest that they get a clue.

You could be doing someone a favour that will make all of us that little bit safer.

Money transfer image courtesy of Shutterstock.