    Very recently, cybercriminals have found another avenue to lure victims into their trap by using Microsoft as bait.

    A screenshot of one such campaign is shown in Figure 1 below. The email asks the recipient to download and install the attached .zip file (shown in Figure 2), which purports to scan their computer for a possible Conficker worm infection but is actually a malicious file.

    Notable in these spam emails are the forged headers: the From field is the same as the address of the recipient (Figure 3).


    The executable file contained in the attached .zip file is a FAKEAV variant detected as TROJ_FAKEAV.BL. Upon execution, TROJ_FAKEAV.BL displays a splash screen for the fake antivirus Power-Antivirus-2009, as shown in Figure 4. It then displays a fake scanning window to trick users into thinking that the executed file is a legitimate antivirus application (Figure 5), followed by fake alerts that warn users of infection, as shown in Figure 6.


    With the spam message blocked and the malicious file detected, Trend Micro users are fully protected from this attack. Non-Trend Micro product users, on the other hand, are advised to use HouseCall, Trend Micro’s scanner for identifying and removing viruses, Trojans, worms, unwanted browser plugins, and other malware.
