Major fake anti-virus attack spreading
Date of Publishing: 26/8/2010
Computer users should be cautious in the wake of a widespread spam campaign designed to infect users with fake anti-virus products.
If recipients open HTML files attached to the spam emails, their web browser will be directed to a hacked website containing a malicious iFrame that allows the fake anti-virus attack to be launched.
The emails that have been intercepted by SophosLabs have a variety of different themes ranging from credit card charges to free-to-view holiday photographs.
The emails have subject lines such as:
- Parking Permit and/or Benefit Card Order Receipt -
- You're invited to view my photos!
- Appointment Confirmation
- Your Bell e-bill is ready
- Your Vistaprint Order Is Confirmed
- Vistaprint Canadian Tax Invoice ()
"A scam like this can be extremely successful at passing revenue directly and quickly into the hands of hackers - so we all have to be on our guard," said Graham Cluley, senior technology consultant at Sophos. "The attacks are designed to trick people into paying to remove threats from their computer that never really existed in the first place. Once a user's computer is infected with fake anti-virus, the software will continue to bombard the user with bogus warning messages to encourage them to pay for threats to be removed or install more malicious code onto their PC. If computer users are concerned about the security of their machine, they should go directly to a legitimate IT security site, rather than put their trust in a criminal hacking gang."
Sophos detects the malicious email attachments as Troj/JSRedir-CH, and the fake anti-virus attack as Mal/FakeAV-EI.
Fake anti-virus scams are usually very successful as hackers prey on human gullibility, poorly protected websites, and the tried-and-trusted trick of scaring users into believing that they have security problems on their PC. This can lead users into downloading dangerous software onto their computers and handing over their credit card details.