Spoofed Western Union Mail Carries Info Stealer

Fast, safe, and reliable: that is the promise of money transfer companies. They are popular because of the convenience of transferring money to almost any part of the world, a convenience that spammers enjoy as well.

Recently, the Content Security team caught spam claiming to be from Western Union and containing a notice of an uncollected money transfer. The uncollected money is supposedly to be returned to the sender, who is made out to be the recipient of the email. To collect the money, the email “advices” the recipient to print the attached “invoice.” But wait, is it really a legitimate invoice?

Opening the attachment reveals an executable file, which may or may not have its extension (.EXE) visible. A more discerning user might ask: under what circumstances are invoices delivered in an executable file format?

In this case the question is moot, since the attached file is not a real invoice but a malicious file detected as TSPY_ZBOT.AXJ. TSPY_ZBOT.AXJ monitors Internet activity on the affected system and waits for the user to access certain banking-related websites. Once the user accesses such a website, it steals any information entered into the site, compromising the user’s account. Furthermore, TSPY_ZBOT.AXJ
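Because the .EXE extension may be hidden, a mail filter has to judge the attachment by content rather than by name. The following is an added example, not code from the original post: it flags attachments, including ZIP members, whose bytes start with the `MZ` header of a Windows executable. The sample message, addresses and file names are constructed, and the stub bytes are not a working program.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

PE_MAGIC = b"MZ"  # DOS/PE header that starts Windows executables

def scan_blob(name, data, depth=0):
    """Return names of payloads that are Windows executables by content."""
    hits = []
    if data[:2] == PE_MAGIC:
        hits.append(name)
    elif depth < 3 and zipfile.is_zipfile(io.BytesIO(data)):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir() or info.file_size > 50_000_000:
                        continue  # skip directories and oversized members
                    hits += scan_blob(f"{name}!{info.filename}", zf.read(info), depth + 1)
        except (zipfile.BadZipFile, RuntimeError):
            # RuntimeError is raised for password-protected members
            hits.append(f"{name} (unreadable or encrypted archive)")
    return hits

def find_executables(raw_message):
    """Scan every attachment of an RFC 5322 message, ignoring file extensions."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        hits += scan_blob(part.get_filename() or "(unnamed)", data)
    return hits

def build_sample():
    """Constructed sample: a ZIP 'invoice' holding a stub with a PE header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.doc", b"MZ\x90\x00" + b"\x00" * 60)  # harmless stub bytes
        zf.writestr("readme.txt", b"plain text")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Constructed test message"
    msg.set_content("Please print the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(find_executables(build_sample()))
```

A two-byte magic check can flag a text file that happens to begin with "MZ", so a production filter would follow up by validating the PE header before quarantining.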


Copyright © 2010 The Security Blog. All rights reserved.