Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    Fake/rogue antivirus strikes again, this time targeting the users in Brazil. Like in today’s malware trends, it did not come alone.

    It initially starts with a spam message:

    Hello, I am sending you my invitation to the graduation location, date and time

    Hello, I am sending you my invitation to the graduation location, date and time.
    I count on your presence.
    We are there,
    Abraços …

    ConviteFormatura.pps (52KB)

    fakeantivirustargetsbrazilThe malware gets installed once the user opens the attachment—which leads to the malfunction of several executables in the system. The malware is also able to disrupt the normal functions of the Windows shell, consequently resulting in difficulty opening folders.

    Attempts to open files created in the programs affected by this malware would result to the display of a fancy error message reassuring the user that there is a solution to the error being experienced. Clicking the said message’s [Click here] button brings the user to the Brazilian site Byte Clark, which offers yet another fake antivirus by the same name. Users are then advised to purchase the program to restore the system (a routine which therefore qualifies this as ransomware).

    Trend Micro detects the fake antivurs as TROJ_FAKEAV.BBH. Running the program only removes the files added by the original malicious attachment. It is also able to collect specific data from the user’s computer and send it to a predefined email address.

    Spam is a common delivery vehicle for malware, not just being limited to rogue antivirus. And as usual, people behind this scam rely on the user’s panic to look for a quick solution. As spammers/scammers use more pleasant/kinder wordings to get their message across, users are advised to exercise caution.

    Users under the Smart Protection Network are already protected against this threat.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice