A non repairable threat attack has continued since Sunday, against all Microsoft Windows operating systems (not DOS) eminating from Ukraine, Russia and Turkey. Trojan comes attached to a phishing spam claiming to be from Western Union.
Over the weekend and continuing into today, UGN spam traps have followed a series of phishing attacks eminating from (95.72.80.168) JSC CenterTelecom, Moscow, Russian Federation ; (93.72.84.185) Volia ISP Network, Kiev, Ukraine (UA) claiming to be from the U.S. Western Union ; and (88.252.6.29) Turk Telekom, Ankara, Turkey. We have received a total of 18 attempts, since Sunday morning, all containing the same attached trojan.
> Subject: Western Union Transfer MTCN
> Dear Customer!
> The money transfer you have sent on the 6th of April was
> not received by the recipient.
> According to the Western Union contract the transfers which
> are not received in 15 business days are to be returned
> to sender.
> To collect funds you need to print the invoice attached
> to this letter and visit the nearest Western Union office.
The attachment is : mtcn_invoice.zip
DO NOT DOWNLOAD OR UNZIP THE ATTACHMENT UNDER MICROSOFT OPERATING SYSTEM.
MALWARE : MTCN_INVOICE.exe
This file is detected as Infostealer.Banker.C.
Sending this file to the Semantec alert center, the report wrote:
> MTCN_INVOICE.exe is a non-repairable threat.
> Please delete this file and replace it if necessary.
If you operate Microsoft OS equipment, download the latest available definitions and patches from your trusted virus protection provider.
We have reported each of these attacks, but they continue.
During 2008, Symantec has discovered and reported on 1,656,227 Trojans, worms, virus, and other malicious attacks to Microsoft and UNIX operating systems — a 165 percent increase over 2007.
See: www.symantec.com/business/theme
