Flood of Fake Western Union E-mails Hide Trojan

Malware authors, always opportunistic, are hoping that people will click on an e-mail that claims to be from Western Union — and contains malware.

“Our labs are seeing a stampede of e-mails claiming to come from Western Union’s support team, but are actually carrying a malicious payload in the form of a Trojan horse,” Graham Cluley, senior technology consultant at Sophos, wrote in his blog yesterday.

The e-mails say that a payment sent by Western Union failed to arrive, and come with an attachment. The attachment is a Trojan. The e-mails generally have the headline “Western Union Transfer MTCN,” so some are calling this the MTCN Trojan.

The Trojan itself is not new. It’s a variant of a Trojan first spotted almost a year ago, according to security research firm MX Lab.

MX Lab said in a blog post that the Trojan is “a banking Trojan that disables firewall, steals sensitive financial data (credit card numbers, online banking login details), makes screen snapshots, downloads additional components, and provides a hacker with the remote access to the compromised system.”

The news comes as security firm Vasco Data Security International reported that its small business customers are finding that the total number of banking Trojans and phishing scams has increased eightfold since last year.

The latest attack is not subtle, said Zulfikar Ramzan, technical director and architect of Symantec Security Response.

“It used to be the case that online malicious activity attempted to exploit the underlying communications network level or the software application level,” he said in an e-mail to InternetNews.com. “Nowadays, in most instances, the exploitation is happening at the human level. Cybercrime has moved away from utilizing ‘Ocean’s Eleven’-type complexity, and is now more about 7-11-type smash-and-grab approaches.”

He added that similar attacks are targeting other payment providers.

Meanwhile, experts are offering basic and simple recommendations.

“Don’t fall for electronic con-tricks like this one — use your common sense,” Cluley said in his blog post.

Ramzan agreed. “In general, we urge people to be wary about opening files that either are directly attached to an e-mail or that are somehow pointed to by an e-mail via a link. That advice even applies to files that come from people you know since they may themselves have become infected.”

“It’s important to understand that we need to develop a new sense of street smarts for conducting online transactions safely,” he said. “We also need to better understand what might constitute risky behavior online.”
