Trend Micro recently discovered malware posing as the Trend Micro iClean tool being sent through email by Chinese hackers. This is a screenshot of the email message:
Figure 1. Spam email in Chinese looking very much like it came from Trend Micro.
The message was crafted to look as if it had been sent by Trend Micro, and it carries the file attachment iClean20.EXE.
But be warned: iClean20.EXE is detected by Trend Micro as TROJ_FAKECLEAN.A. TROJ_FAKECLEAN.A drops two files: one detected as BKDR_POISON.GO, and the other the real iClean tool. Dropping the legitimate tool along with the malware was presumably meant to fool users into believing that the message was indeed from Trend Micro, and that the tool was the only file downloaded onto their systems.
BKDR_POISON.GO opens a random port and allows a remote user to execute commands on the affected system.
- Remove common viruses and rootkit programs
- IE cache folder clean-up
- Temp folder clean-up system
- Collection of Trend antivirus software virus logs
- Collection of diagnostic information related to malicious code
The real Trend Micro iClean tool is available for download at the Trend Micro Taiwan site:
Figure 2. The real Trend Micro iClean tool at the Trend Micro Taiwan site.
Trend Micro will NEVER send tools or applications through email. Trend Micro advises users to be wary of opening and downloading attachments from unknown users and to download tools or applications from trusted sites only.