Western Union Malware Surge
Outbreak Dates: 5-11-09 - 5-18-09
Outbreak Filters Protects Users Hours Before AV Solutions
Summary
IronPort's Virus Outbreak Filters again protects customers within the critical period between the first exploit of a virus outbreak and the release of an AV signature. During the week from May 11th to May 18th 2009, five different malware outbreaks purportedly from Western Union were sent to unsuspecting users. Virus Outbreak Filters protected customers for a total of 17 hours* before the first major anti-virus vendor provided protection for each of these attacks.
Outbreak Details
Between May 11th and 18th, 2009, five different email attacks were sent which falsely claim that money sent via a Western Union money transfer needs to be returned. The email recipient is instructed to print an invoice attached to a .zip file. The .zip file instead contains an executable file that attempts to infect the target system with malicious code.
The malicious code installs a rootkit trojan along with a keylogger application that attempts to steal user credentials, including online banking account information. The trojan also disables the software firewall of the recipient to allow remote access to the system and monitors internet activity.
Virus Outbreak Timeline
TOTAL: 17 hours 16 minutes additional protection from first AV vendor.
*Vendor signature times per AV-Test. Signature times from the following vendors: Sophos, Trend Micro, Symantec and McAfee. Generic signatures not included.
