FAKEAV Uses Conficker Worm as Bait

Very recently, cyber criminals have found another avenue to lure victims into their trap by using Microsoft as bait.

A screenshot of one such campaign is shown in Figure 1 below. The email asks the recipient to download and install the attached .zip file (shown in Figure 2), which is actually a malicious file that purports to scan the computer for possible Conficker worm infection.

Notable in these spam mails are the forged headers: the From field is the same as the address of the recipient (Figure 3).

The executable file contained in the attached .zip file is a FAKEAV variant detected as TROJ_FAKEAV.BL. Upon execution, TROJ_FAKEAV.BL displays a splash screen for the fake AV Power-Antivirus-2009, as shown in Figure 4. It then displays a fake scanning window to trick users into thinking that the executed file is a legitimate antivirus application (Figure 5), followed by fake alerts that warn users of infection, as shown in Figure 6.

With the spam message blocked and the malicious file detected, Trend Micro users are fully protected from this attack. Non-Trend Micro product users, on the other hand, are advised to use HouseCall, Trend Micro’s highly popular and capable on-demand scanner for identifying and removing viruses, Trojans, worms, unwanted browser plugins, and other malware.

Post from: TrendLabs | Malware Blog - by Trend Micro

Written on Wednesday, 21 October 2009 10:20 by GSO
