August 23, 2008
Phony Anti-Virus Software
The malware lure du jour advertises security software for home or business, depending on which variant of the email you receive. Here are a few Subject: lines I've seen:
- Business Security Software
- You Computer Security. For you home.
- A new standard of Internet threat protection for your home.
The first line of the messages varies, but the balance of all the messages I've seen is identical. Here's one variant:
Anti-Virus Nero Advanced Pro. 2008. Download last update! <http://[removed].com/dhl/dhl.php>
6 month free trial!
A new standard of Internet threat protection for your home or small office.
Award-winning protection against viruses and spyware, identity theft and phishing, hackers and spam.
Anti-Virus Nero Advanced Pro. 2009 antivirus software with maximum spyware protection.
Protects against viruses, Trojans, and worms, spyware and adware, rootkits, identity theft and phishing attacks.
Advanced proactive protection, unmatched system performance,
automatic hourly updates and the fastest response to the latest threats.
All of the URLs I've seen (all on hijacked web servers) lead to a PHP program called dhl.php, which automatically downloads name.avi.exe to a visiting PC. That Trojan downloader is recognized by most legitimate antivirus software, according to a VirusTotal scan.
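As an added example (not part of the original post), here is a defensive check that flags downloads whose filename hides an executable extension behind a media or document one, as name.avi.exe does. It assumes a proxy or gateway log that records each response's Content-Disposition header; the extension lists, function names and sample records are constructed for illustration.

```python
from email.message import Message

# Illustrative, non-exhaustive extension lists (assumptions, not from the post).
EXECUTABLE = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}
DECOY = {"avi", "mpg", "mp3", "jpg", "gif", "pdf", "doc", "txt", "zip"}

# Constructed sample records: (requested URL, Content-Disposition header).
SAMPLE_RESPONSES = [
    ("http://example.invalid/dhl/dhl.php", 'attachment; filename="name.avi.exe"'),
    ("http://example.invalid/media/get.php", 'attachment; filename="holiday.avi"'),
    ("http://example.invalid/tools/dl", "attachment; filename=setup.exe"),
    ("http://example.invalid/index.html", "inline"),
]


def served_filename(content_disposition):
    """Return the filename offered in a Content-Disposition header, or None."""
    msg = Message()
    msg["Content-Disposition"] = content_disposition
    return msg.get_filename()


def is_disguised_executable(filename):
    """True when a decoy extension sits directly before an executable one."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 3:
        return False  # a plain setup.exe is not a double extension
    # Padding spaces before the real extension ("name.avi   .exe") are stripped.
    return parts[-1] in EXECUTABLE and parts[-2].strip() in DECOY


def flag_downloads(responses):
    """Return (url, filename) pairs whose served filename is disguised."""
    hits = []
    for url, header in responses:
        name = served_filename(header)
        if name and is_disguised_executable(name):
            hits.append((url, name))
    return hits


if __name__ == "__main__":
    for url, name in flag_downloads(SAMPLE_RESPONSES):
        print(f"ALERT disguised executable {name!r} served by {url}")
```
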
Accepting an invitation to download and install unknown antivirus software from an unknown sender is about as safe as French-kissing a stranger in the influenza ward. Both lead to infections that you don't really want to experience.
Posted on August 23, 2008 at 07:55 PM