Browse archive

Latest news

Microsoft to pay up to 150k for vulnerabilities

(IN)SECURE Magazine issue 38 released

Collected data helped foil 50 terrorist plots, says NSA chief

65+ websites compromised to deliver malvertising

Customized spam uses cell phone users’ data against them

Facebook once again accessible via Tor

Oracle releases critical security updates for Java

Employees biggest IT threat to businesses

Google asks secret court permission to publish FISA numbers

How to detect hidden administrator apps on Android

Hacking charge stations for electric cars

"Wire transfer confirmation" emails deliver malware

Posted on 27.06.2012

"Wire transfer confirmation" spam emails are nothing new - they've been regularly turning up in users' inboxes throughout the years.

But, as much as people working in the security industry would like to believe that users have learned to avoid this and other often-used tactics, the fact that emails like this are still being spammed out means that there are still individuals out there falling for the scheme.

This latest campaign has all the usual markings - the subject line implies that the email is a reply to a previous inquiry or that it has been forwarded to the recipient; the message says that there is a problem with the wire transfer; random big numbers are used to create the illusion that this wire transfer is one of millions.

Still, as Sophos' Graham Cluley points out, there is one curious detail that could help users to "smell a rat": the emails appear to have been sent from an email associated with Habbo Hotel, LinkedIn, UPS, and other companies that have no business sending out notifications about wire transfers.

Expectedly, these emails carry a malicious payload: the attached Transaction_N48823.zip is a variant of the Bredolab downloader Trojan, which opens the target computer to further infection.