MX Lab intercepted a new trojan variant in emails with the subject “The transfer is available to withdrawl. Western Union.” regarding a money transaction. The email is sent from the spoofed address “Western Union <customer.id0657@westernunion.com>” and has the following message body:
Dear customer.
The amount of money transfer: 9864 USD.
Money is available to withdrawl.
You may find the MTCN and receiver’s details in document attached to this email.
Western Union.
Customer Service.
The trojan is known as Trojan.Win32.Oficla.ju (Kaspersky), Mal/Oficla-A (Sophos), Trojan-Downloader:W32/Oficla.HY (F-Secure).
Virus Total permlink and MD5: 3b3a8d2b86c5532ff8dfdaf4eb2b7789
View full post on mxlab – all about anti virus and anti spam
Related Posts
- Email with new password from Facebook Support contains trojan
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the message that your facebook account has been blocked because of spam that was sent from your accou... - Emails regarding an attached resume contains a trojan
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email regarding a resume. The following subjects are possible:
Attached please find.
Here’s the file you w... - Email with Guys & Dolls ZIP file contains trojan
MX Lab intercepted some emails with the subject “Ad third try” with attached a ZIP file named Guys & Dolls_displayad.zip.
The message comes from a spoofed email address and has the fol... - Ransomware Trojan: go to your local Western Union office, I’ll get the $$ on the other side (with love)
Ramsomware Trojans are some of the most annoying threats, preventing you from accessing your data and demanding money: Computer Infected! Documents have been encrypted! READ BELOW TO RECOVER FILES How... - Email “Statement of fees 2009/2010″ contains trojan
MX Lab intercepts a new trojan variant in emails with the subject “Statement of fees 2009/2010″. The trojan is known as Trojan.Sasfis (Symantec), Suspicious:W32/Malware!Gemini (F-Secure) o... - Email with subject “Outlook Setup Notification” contains trojan
MX Lab intercepted a few emails with the subject “Outlook Setup Notification”. The message contains instructions to re-configure Microsoft Outlook and to open the attached zip file.
The me... - “Thank you for buying iTunes Gift Certificate!” email contains trojan
MX Lab started to intercept emails with the subject “Thank you for buying iTunes Gift Certificate!” with the trojan Gen:Variant.Bredo.4 (Bitdefender, F-Secure), Win32/Oficla.GQ (NDO32), Tr... - Warning regarding your account contains the trojan Kobcka
MX Lab intercepted some emails regarding a temporary locked account because someone may have been accessing the account. The email is not send on behalf of a company, like for example a bank, but is s... - Warning regarding your account contains trojan FakeAV
Yesterday, MX Lab intercepted some emails regarding a temporary locked account because someone else may have been accessing the account (read the article). Today, a new trojan variant is attached in t... - “Facebook Support. Your password has been changed!” contains trojan
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Facebook Support. Your password has been changed! ID09687″. Note that the nu...
Posted on 11 September 2010. Tags: contains, Email, Oficla, regarding, transaction, Trojan, Union, Western
