Emails Western Union Service contains Bredolab
November 30, 2009
After more than a week of relatively low virus detection, MX Lab started to intercept a new outbreak of Bredolab in emails regarding a Western Union money transfer. The malware is named Bredolab.gen.a (McAfee), TrojanDownloader:Win32/Bredolab.X (Microsoft), Mal/Krap-B (Sophos) or Trojan.Bredolab!gen3 (Symantec).
The spoofed From address takes the form Manager Ginger Patrick <customer@westernunion.com>, where the name of the person is random.
The email has one of the following subjects:
Western Union Service. Please get your money. Order NR.4560
Western Union Service. You can receive money transfer. Order NR.5606
Western Union Service. You should receive money transfer. Order NR.0743
Western Union Service. Your money transfer details!. Order NR.4560
Western Union Service. You need to get money! Order NR.5606
Western Union Service. MTCN Details. Order NR.3365
The order number changes with each email and is chosen randomly.
The body of the email:
Dear customer.
The amount of money transfer: 4675 USD.
Money is available to withdrawl.You may find the Money Transfer Control Number and receiver’s details in document attached to this email.
Western Union.
Financial Services.
The email contains the attachment WU_Details_db6ec.zip, and the archive holds the executable WU_Details_db6ec.exe.
VirusTotal permalink and MD5: 0307d603cef4c524c3b05417387dfdec
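The indicators described above (subject format, spoofed From address, ZIP attachment holding an executable) can be combined into a mail-filter check. The following is an added example, not MX Lab's code; the function names are hypothetical, and it assumes the suffix after `WU_Details_` varies per message and generalizes the `.exe` check to a few other Windows executable extensions.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject format from the post: fixed prefix, variable text, 4-digit order number.
SUBJECT_RE = re.compile(r"^Western Union Service\. .+ Order NR\.\d{4}$")
# Assumption: the suffix after WU_Details_ varies; the post shows a single sample.
ATTACH_RE = re.compile(r"^WU_Details_\w+\.zip$", re.I)
# Assumption: extensions beyond .exe are added here as a generalization.
EXEC_EXT = (".exe", ".scr", ".pif", ".com")

def zip_has_executable(data: bytes) -> bool:
    """True if the ZIP lists a member with an executable extension."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith(EXEC_EXT) for n in zf.namelist())
    except zipfile.BadZipFile:
        return False  # corrupt or non-ZIP payload: nothing to list

def score_message(raw: bytes) -> list[str]:
    """Return the names of the indicators that a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if SUBJECT_RE.match(str(msg["Subject"] or "")):
        hits.append("subject")
    if "customer@westernunion.com" in str(msg["From"] or "").lower():
        hits.append("from")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if ATTACH_RE.match(name):
            hits.append("attachment-name")
        if name.lower().endswith(".zip") and zip_has_executable(
                part.get_payload(decode=True) or b""):
            hits.append("zip-with-executable")
    return hits

def build_sample(subject, sender, zip_name, inner_name) -> bytes:
    """Constructed test message; the archive member is a harmless placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, b"constructed placeholder, not malware")
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, sender, "user@example.org"
    m.set_content("Dear customer.")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename=zip_name)
    return m.as_bytes()
```

The `zip-with-executable` hit is the most durable of the four, since it does not depend on the campaign's wording or file naming.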
