Sophos warns of fake anti-virus spam campaign

[nsane.forums]

Llatest scareware outbreak features emails with malicious HTML attachments

Security vendor Sophos is warning of a major spam campaign designed to trick users into downloading fake anti-virus software.

In a blog post, Sophos senior technology consultant Graham Cluley explained that the unsolicited emails arrive with subject lines such as “You're invited to view my photos!”, “Appointment Confirmation”, or “Your Bell e-bill is ready”.

“Opening the attached HTML file, however, redirects your web browser to a hacked web site containing a malicious iFrame [which Sophos detects as Troj/Iframe-FK],” said Cluley.

“This, in turn, loads scripts from other web sites that load a fake anti-virus attack that Sophos detects as Mal/FakeAV-EI.”

This particular fake AV often disguises itself as a bogus version of McAfee VirusScan, warned Cluley.

“So, in this attack, the hackers are using a mixture of human gullibility, poorly protected web sites, and the tried-and-trusted trick of scaring users into believing that they have security problems on their PC to con them into downloading more dangerous software or handing over their credit card details,” he wrote.

Cyber criminals are increasingly looking to scareware of this kind to trick users into parting with their cash. In a new blog post, Symantec Hosted Services noted that fake AV had even infected one of the public access internet connected PCs in an airport terminal.

View: Original Article