clamav-users May 2009 archive
Main Archive Page > Month Archives  > clamav-users archives
clamav-users: Re: [Clamav-users] VIRUS? PHISH? "Western Uni

Re: [Clamav-users] VIRUS? PHISH? "Western Union Transfer MTCN: 0258258718"

From: russbucket <russbucket_at_nospam>
Date: Tue May 12 2009 - 14:13:25 GMT
To: clamav-users@lists.clamav.net


On Tuesday 12 May 2009 07:04:46 am Charles Gregory wrote:
> Greetings!
>
> Received the following e-mail that looks like a phishing attempt,
> with an attached zipped .exe file ...
>
> I've saved the file to:
> http://www.hwcn.org/~cgregory/virus/MTCN_INVOICE.zip
>
> I don't have the facilities to test anything, but just the fact
> that it is an attached exe in an obvious phish makes me wonder
> if this is a brand new virus (or clever scheme that should still
> be trapped)?
>
> So if someone can test/analyse the above file (it tests clean
> with this morning's clamscan), I would be interested in how it
> does its 'thing'....
>
> - Charles
>
> ---------- Forwarded message ----------
> Date: Tue, 12 May 2009 10:59:31 +0200
> From: Western Union <hchaney@enviromedia.com>
> To: cgregory@hwcn.org
> Subject: [4.4] Western Union Transfer MTCN: 0258258718
>
> Dear Customer!
>
> The money transfer you have sent on the 21st of March has not been received
> by the recipient.
> According to the Western Union agreement the transfers which are not
> collected in 30 business days are to be returned to sender.
> To collect cash you need to print the invoice attached to this e-mail and
> visit the nearest Western Union branch.
>
> Thank you!
>
> ------ End of quote ------
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml

I got several of these over the past couple of days. My ISP trapped them as Viruses, they never made it to my system. Be careful if you opened the attachment!. I run clamav but I'm on a Linux system so I don't worry as much, Also my ISP does a good jobs of filtering viruses and spam, etc.



Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml