If you’ve received an email in your inbox telling you that your wire transfer has been cancelled, take care – as it’s the latest attempt by online criminals to infect the general public’s Windows computers.
Brits (as opposed to Americans) probably won’t be as likely to be duped by the spammed-out messages which use the US spelling of “canceled” in the subject line, and claim to come from the Federal Reserve.
The Wire transfer , recently sent from your bank account , was not processed by the FedWire.
Transfer details attached to the letter.
This service is provided to you by the Federal Reserve Board. Visit us on the web at website
To report this message as spam, offensive, or if you feel you have received this in error, please send e-mail to email address including the entire contents and subject of the message. It will be reviewed by staff and acted upon appropriately
Attached to the emails is a file called PAYMENT RECEIPT 30-04-2013-GBK-75.zip which Sophos products detect as containing the Troj/Zbot-EVX Trojan horse, designed to hijack your computer and – potentially – plunder your finances and steal private information.
Of course, the danger is that unsuspecting computer users will open the malicious email attachment even if they haven’t recently tried to wire some cash.
The social engineering trap used in this attack takes advantage of people’s natural curiosity, which – in many cases – will drive them to investigate the file even if alarm bells should be ringing.
Up-to-date anti-virus software and software patches can help protect your computer, but the real lesson that internet users need to learn is to not be so trusting of unsolicited emails that arrive out of the blue in their inbox.
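For mail administrators, here is one way to triage messages like this at a gateway. It is an added example, not Sophos code: it matches the shape of the attachment name rather than one exact file, so it also catches the renamed variant a reader reports in the comments below. The executable-extension list, the function names and the sample message are assumptions constructed for the illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Both names reported on this page fit one shape, with a changing date and an
# optional suffix: "PAYMENT RECEIPT 30-04-2013-GBK-75.zip", "PAYMENT RECEIPT 01-05-2013.zip"
LURE_NAME = re.compile(r"^PAYMENT RECEIPT \d{2}-\d{2}-\d{4}(-[A-Z0-9-]+)?\.zip$", re.I)
# Assumption: extensions treated as executable content inside an archive.
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")


def triage(raw: bytes) -> list[str]:
    """Return the reasons a raw RFC 5322 message should be quarantined."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if LURE_NAME.match(name):
            reasons.append(f"lure filename: {name}")
        if not name.lower().endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_content())) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            reasons.append(f"unreadable zip: {name}")
            continue
        reasons += [f"executable in zip: {m}" for m in members
                    if m.lower().endswith(EXEC_EXT)]
    return reasons


def sample(filename: str, member: str) -> bytes:
    """Build a constructed test message carrying a harmless zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed placeholder, not malware")
    msg = EmailMessage()
    msg["Subject"] = "Wire transfer canceled"
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg.set_content("Transfer details attached to the letter.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=filename)
    return msg.as_bytes()
```

An empty list from `triage()` means none of these checks fired, not that the message is safe.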
Image of US money courtesy of Shutterstock.
6 comments on ““Wire transfer canceled”? Watch out for spammed-out malware attack”
In the never-ending game of spammer versus spammee, this is one where it's hard to tell who is more stupid. The spammer writes in poor English (spaces before commas, "was not processed by the FedWire"), purporting to come from a US Federal agency and not from any recognizable bank. The only reason this kind of spam is still in operation is that some recipients still think it's potentially genuine, even with the obvious signs that it's not, and even if they haven't made a "wire transfer" recently. (Brits and other Europeans generally use the term "bank transfer" anyway.)
Natural curiosity is a fine thing and when allied with greed (is there something in it for me?) provides many predatory creatures with their food supply. The one good thing about this is that, if spammers can make a living from no-brainers, there won't be an incentive for them to do anything more fiendish.
I would always recommend checking suspicious attachments using an online service like VirusTotal.
Sophos is one of the engines they test against.
Kudos for the *accurate* story. So many stories about viruses simply say “can infect computers” instead of the correct “can infect WINDOWS computers”.
Perhaps some people don’t see the difference, they assume most people will have Windows anyway. But the former implies that the virus can infect any computer, and obscures the fact that there ARE computers (or rather, operating systems) that are NOT susceptible to the virus-of-the-day.
FYI this has just morphed – the earlier version was detected by our AV scanners but the new version is currently under the radar. Watch out for PAYMENT RECEIPT 01-05-2013.zip
We British (we're definitely NOT 'Brits', that annoys so many of us) immediately know this is a scam for the reasons stated, bad spelling, bad punctuation and non UK English too. Few British people send money using 'wire transfer' services as many use internet banking or inter-bank transfers, plastic or the good and useful cheque (yes, they still have their valuable uses).
So any British person getting this type of email should know at a glance that it is a scam. If they don't recognize it as such then one wonders about their education.
Haha. These "confident e-mails" even have multiple receivers listed in the e-mail info.