Malware Disguised as Security Software

Friday, August 31, 2012 @ 03:08 PM gHale


There is now a spam campaign hitting the cyber street that impersonates popular antivirus vendors in an attempt to trick end users and corporate users into downloading and executing the malicious attachment.

The campaign is low-volume, and is currently impersonating Symantec, F-Secure, Verisign and Sophos, said researchers at Websense.

The malicious payload (MD5: ebb4ac5bb30b93e38a02683e3e7c98c6) is currently detected by 3 out of 42 antivirus scanners as Trojan.Agent/Gen-Banload; TROJ_GEN.R47H1HR.

Upon successful execution, the sample phones back to hxxp://bluemountain-ecards.net/images/loader.php (69.73.138.167), hxxp://asselegis.org.br/images/txt.txt (187.73.33.54), and hxxp://basketcoach.com/images/logos/Plugin.dll (94.23.235.157).
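To check whether any host on a network has already made these callbacks, the indicators above can be matched against web proxy logs. The following is an added example, not part of the original article or the Websense research; the six-field log layout and the sample log lines are constructed assumptions, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Callback indicators exactly as the article prints them (defanged, IP in parentheses).
ARTICLE_IOCS = (
    "hxxp://bluemountain-ecards.net/images/loader.php (69.73.138.167), "
    "hxxp://asselegis.org.br/images/txt.txt (187.73.33.54), "
    "hxxp://basketcoach.com/images/logos/Plugin.dll (94.23.235.157)"
)

# Constructed proxy log lines; the field layout is an assumption:
# time client_ip method url dest_ip status
SAMPLE_LOG = """\
2012-08-31T15:10:02Z 10.0.4.17 GET http://bluemountain-ecards.net/images/loader.php 69.73.138.167 200
2012-08-31T15:10:05Z 10.0.4.17 GET http://BasketCoach.com:80/images/logos/Plugin.dll 94.23.235.157 200
2012-08-31T15:11:40Z 10.0.7.3 GET http://example.com/index.html 192.0.2.10 200
2012-08-31T15:12:01Z 10.0.9.8 GET http://cdn.example.net/txt.txt 187.73.33.54 404
"""

def load_indicators(text):
    """Refang the article's indicators into {host: paths} and a set of IPs."""
    hosts, ips = {}, set()
    for url, ip in re.findall(r"(hxxp://\S+)\s+\(([\d.]+)\)", text):
        parts = urlsplit(url.replace("hxxp", "http", 1))
        hosts.setdefault(parts.hostname, set()).add(parts.path)
        ips.add(ip)
    return hosts, ips

def scan(log_text, hosts, ips):
    """Return (client_ip, reason) for each log line that touches an indicator."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed lines rather than guess at their layout
        _, client, _, url, dest_ip, _ = fields
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()  # hostname drops the port and case
        if host in hosts:
            reason = "url" if parts.path in hosts[host] else "host"
            hits.append((client, reason))
        elif dest_ip in ips:
            hits.append((client, "ip"))  # different hostname, same server address
    return hits

if __name__ == "__main__":
    for client, reason in scan(SAMPLE_LOG, *load_indicators(ARTICLE_IOCS)):
        print(client, reason)
```

A "url" hit is the strongest signal; an "ip" hit alone deserves a second look before escalation, because one address can serve unrelated sites.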

While it may be difficult, users need to avoid interacting with the emails and should consider reporting them as spam as soon as they come across them.


