clamav-users May 2009 archive
Main Archive Page > Month Archives  > clamav-users archives
clamav-users: Re: [Clamav-users] VIRUS? PHISH? "Western Uni

Re: [Clamav-users] VIRUS? PHISH? "Western Union Transfer MTCN: 0258258718"

From: russbucket <russbucket_at_nospam>
Date: Tue May 12 2009 - 14:13:25 GMT

On Tuesday 12 May 2009 07:04:46 am Charles Gregory wrote:
> Greetings!
> Received the following e-mail that looks like a phishing attempt,
> with an attached zipped .exe file ...
> I've saved the file to:
> I don't have the facilities to test anything, but just the fact
> that it is an attached exe in an obvious phish makes me wonder
> if this is a brand new virus (or clever scheme that should still
> be trapped)?
> So if someone can test/analyse the above file (it tests clean
> with this morning's clamscan), I would be interested in how it
> does its 'thing'....
> - Charles
> ---------- Forwarded message ----------
> Date: Tue, 12 May 2009 10:59:31 +0200
> From: Western Union <>
> To:
> Subject: [4.4] Western Union Transfer MTCN: 0258258718
> Dear Customer!
> The money transfer you have sent on the 21st of March has not been received
> by the recipient.
> According to the Western Union agreement the transfers which are not
> collected in 30 business days are to be returned to sender.
> To collect cash you need to print the invoice attached to this e-mail and
> visit the nearest Western Union branch.
> Thank you!
> ------ End of quote ------
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit

I got several of these over the past couple of days. My ISP trapped them as Viruses, they never made it to my system. Be careful if you opened the attachment!. I run clamav but I'm on a Linux system so I don't worry as much, Also my ISP does a good jobs of filtering viruses and spam, etc.

Help us build a comprehensive ClamAV guide: visit