Spam/Virus Sighting: High Volumes of Western Union Transfer Spam with Trojan Attachments
Virus hunter Patrik Runald from our anti-virus partner, F-Secure, Tweeted just now about a blended threat they are seeing. There seems to be a large volume of malicious emails spoofing Western Union that include a malicious attachment that F-Secure says is the Zbot trojan, which aims to steal online banking information. (You can read F-Secure's description of Zbot here.) Click the image at left for a full-size example of these emails.
Looking at our own spam traps, I see that there are quite a few of these messages, which have subject lines like "Western Union Transfer MTCN:" followed by a random number. A typical message reads:
Dear client!
The money transfer you have sent on the 6th of March hasn't been received by the recipient.
Due to the Western Union treaty the transfers which are not received in 30 business days are to be returned to sender. To collect money you need to print the invoice attached to this email and visit the nearest Western Union office.
Thank you!
It goes (almost) without saying that, if you should receive one of these messages, you should not open the attachment.
Proofpoint Virus Protection blocks these messages because of the malicious attachment, of course, and I also see that our connection management system, Proofpoint Dynamic Reputation, has been scoring most of the source connections as highly suspect (mostly "100", indicating an assuredly malicious connection).
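For triaging a mailbox or spam trap for the traits described above (the "Western Union Transfer MTCN:" subject, the invoice wording and an attachment), here is a small heuristic as an added example; it is not Proofpoint's or F-Secure's detection logic. The verdict names, the digits-only reading of "random number" and the sample attachment filename are assumptions made for the illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject shape reported in the post; "random number" is assumed to be digits only.
SUBJECT_RE = re.compile(r"^\s*Western Union Transfer MTCN:\s*\d+\s*$", re.I)
# Phrases copied from the sample body quoted in the post.
BODY_PHRASES = ("print the invoice attached to this email", "western union treaty")

def attachment_names(msg):
    """Filenames of parts that are marked as attachments or carry a filename."""
    return [p.get_filename() or "(unnamed)" for p in msg.walk()
            if p.get_content_disposition() == "attachment" or p.get_filename()]

def body_text(msg):
    """Decoded, lower-cased text/plain body with whitespace collapsed."""
    parts = [p.get_content() for p in msg.walk()
             if p.get_content_type() == "text/plain"
             and p.get_content_disposition() != "attachment"]
    return " ".join(" ".join(parts).split()).lower()

def classify(raw: bytes) -> dict:
    """Score one raw RFC 5322 message against the traits described in the post."""
    msg = message_from_bytes(raw, policy=policy.default)
    names, text = attachment_names(msg), body_text(msg)
    hits = {"subject": bool(SUBJECT_RE.match(str(msg.get("Subject", "")))),
            "attachment": bool(names),
            "body": any(p in text for p in BODY_PHRASES)}
    if hits["subject"] and hits["attachment"]:
        verdict = "quarantine"   # lure subject arriving with an attachment
    elif hits["subject"] or (hits["body"] and hits["attachment"]):
        verdict = "review"       # partial match: hold for an analyst
    else:
        verdict = "pass"
    return {"verdict": verdict, "hits": hits, "attachments": names}

def sample(subject, body, attach=None):
    """Build a constructed test message; none of these are captured samples."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    if attach:  # placeholder bytes and filename, invented for the demo
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attach)
    return m.as_bytes()

if __name__ == "__main__":
    lure = sample("Western Union Transfer MTCN: 1234567890",
                  "To collect money you need to print the invoice attached to this email.",
                  "invoice.bin")
    print(classify(lure))
```

The subject match is anchored, so replies and forwards that merely quote the lure subject are not quarantined on that signal alone.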
Just the latest example of the classic blended threat. For more on blended threats, refer to the replay of Proofpoint's recent web seminar "Defend Against Blended Threats: What You Need to Know." And for more info from Patrik Runald, follow him on Twitter @patrikrunald and check out my video interview with him from a previous blog post.



