Western Union MTCN trojan variant
May 13, 2009
MX Lab intercepted emails carrying the malware Trojan-Spy.Win32.Zbot.tnt as an attachment. The messages concern a failed money transfer handled by Western Union. The email subject is “Western Union Transfer MTCN: 9439449215” (the number is random and changes with each message), and the sender address, support@westernunion.com, is obviously spoofed.
The body of the email:
Dear Client!
The money transfer you have sent on the 9th of March has not been received by the recipient.
According to the Western Union contract the transfers which are not collected in 15 business days are to be returned to sender.
To collect funds you need to print the invoice attached to this e-mail and visit the nearest Western Union agency.
Thank you!
The email has a Zip file attached, named Invoice_8773.zip, which contains the executable Invoice_8773.exe. The malware has the same characteristics as our previous detections.
VirusTotal permalink and MD5: fa491105bd5c3baedad78f28586ff91e.
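A mail filter can flag this pattern by matching the subject and looking inside the Zip attachment for an executable member. The sketch below is an added example, not MX Lab's code; the function names, the extension list and the sample message (built with harmless placeholder bytes) are assumptions made for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Subject format quoted in the post: fixed text followed by a 10-digit number.
SUBJECT_RE = re.compile(r"Western Union Transfer MTCN:\s*\d{10}\b", re.I)
EXEC_EXT = (".exe", ".scr", ".pif", ".com")  # assumption: treated as executable

def zip_executables(data):
    """Return names of executable members in a zip blob ([] if not a zip)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # namelist() reads the central directory only; nothing is extracted.
            return [n for n in zf.namelist() if n.lower().endswith(EXEC_EXT)]
    except zipfile.BadZipFile:
        return []

def inspect_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw)
    findings = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        findings.append("subject matches MTCN lure")
    for part in msg.walk():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        payload = part.get_payload(decode=True) or b""
        for member in zip_executables(payload):
            findings.append(f"{name} contains executable {member}")
    return findings

def build_sample(member_name="Invoice_8773.exe"):
    """Constructed sample message; the zip member is placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder, not an executable")
    msg = EmailMessage()
    msg["From"] = "support@westernunion.com"
    msg["Subject"] = "Western Union Transfer MTCN: 9439449215"
    msg.set_content("Dear Client! ...")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Invoice_8773.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in inspect_message(build_sample()):
        print(finding)
```

The From header is deliberately not checked here, since the post notes the sender address is spoofed and the header alone cannot show that.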

Hi,
I was wondering how I could receive a Western Union failed transaction email. So, to check the authenticity of the email, I tried to check the status of the MTCN number, and to find the site I typed Western Union MTCN, and surprisingly the very first link was about the MTCN trojan virus. Gosh! Was I lucky to not have opened the attachment.
Rakesh