Bogus Antivirus Program Attacking Brazilian Online Users
Linha Defensiva (Defensive Line), a security website, has explained the propagation method of the rogueware "Byte Clark". Spam e-mails with subject lines such as "Hello, there is an invitation to graduation, date and time" carry the bogus antivirus and spread it on the Web. A maliciously crafted PowerPoint Presentation file is attached at the end of the e-mail text.
The bogus antivirus becomes active as soon as the e-mail recipient clicks on the embedded link, causing many executables on the system to malfunction. The program also interferes with the functions of the Windows Shell, which creates problems when opening folders on the system.
It has also been found that the malware shows an error message on the screen to scare the user, while assuring him that it has the solution to the error.
However, when the user clicks on the error message, he is taken to the website "byteclark.com.br", which encourages him to purchase the rogueware "Byte Clark". The program costs 20.00 Brazilian Real, equal to nearly 9.7 United States Dollars.
Security researchers at Trend Micro have named the fake antivirus TROJ_FAKEAV.BBH. If a user runs this rogueware on his machine after purchasing it, it only removes those files that were left by the original malicious attachment. Moreover, it collects some specific information from the user's machine and transmits it to an e-mail address. Hence, once the user pays to buy the rogueware, his information is stolen by the Trojan and transmitted to the e-mail address of the malware distributor.
Roderick Ordoñez, Technical Communications Specialist, Trend Micro, said that spam was a very common delivery medium for malware. It was not just confined to rogue antivirus. Scammers running this scam also depended on users' fear to make them download a quick solution, as reported by SOFTPEDIA on May 12, 2009. Users are advised to exercise caution while checking mail because scammers and spammers are using more catchy and courteous words to put their message across.
Another new malicious ransomware known as FileFix Pro 2009 was detected in March 2009. This ransomware seemed to be the inspiration for 'Byte Clark', said security experts.
» SPAMfighter News - 15-05-2009