"Wire transfer confirmation" emails deliver malware
Posted on 27.06.2012
"Wire transfer confirmation" spam emails are nothing new - they've been regularly turning up in users' inboxes throughout the years.

But, as much as people working in the security industry would like to believe that users have learned to avoid this and other often-used tactics, the fact that emails like this are still being spammed out means that there are still individuals out there falling for the scheme.

This latest campaign has all the usual markings - the subject line implies that the email is a reply to a previous inquiry or that it has been forwarded to the recipient; the message says that there is a problem with the wire transfer; random big numbers are used to create the illusion that this wire transfer is one of millions.

Still, as Sophos' Graham Cluley points out, there is one curious detail that could help users to "smell a rat": the emails appear to have been sent from an email associated with Habbo Hotel, LinkedIn, UPS, and other companies that have no business sending out notifications about wire transfers.

Expectedly, these emails carry a malicious payload: the attached Transaction_N48823.zip is a variant of the Bredolab downloader Trojan, which opens the target computer to further infection.


What's the real cost of a security breach?

The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th