Phony VirusTotal Website Pushing Scareware

Cyber criminals are exploiting VirusTotal (a well-known service for file analysis) to install scareware on users' computers. By using a new e-mail campaign, these crooks are duping people so that they visit a malevolent website hosted at 'virus-total.in.'

VirusTotal.com is a free online scanning service for malware, particularly virus. Submitters can assess any file put to test against multiple malware scanners. These scanners count to 40 anti-virus engines together with other tools. Consequently, it isn't astonishing to find malware writers attempt to abuse VirusTotal name for making personal gains.

Security researchers at Sophos said that a spam campaign was touting a fake domain pertaining to virus-total in the guise of a private e-mail on a forum. The e-mail used scare tactics so that users went to the scareware distributing website.

The e-mail claimed that the recipient's computer indicated virus activities on it.

Meanwhile, Julio Canto, Project Manager at VirusTotal, issued a warning of the fake virus-total.in website through Twitter.com, as reported by Softpedia on February 27, 2010.

An unsuspecting visitor accessing the fake website would find false security alerts along with bogus antivirus scans that deceive him into loading SecurityTool (a fake anti-virus program). Cyber criminals commonly employ such fake security software to demand cash for worthless licenses, or to seize credit card information.

The fake website has an interesting aspect. Its "Windows Security Alert" dialog box is really an object with delaying tactics. After the bogus malware scan, one more pop-up appears directing that the user should download a file, security_tool_setup.exe. Clearly, this executable (.exe file) is harmful and another amongst the FAKEAVs.

Sophos has detected this executable as Mal/FakeVirPk-A.

Chris Boy, Senior Threat Researcher at Sunbelt, states that this type of scam has a bad side-effect in that the genuine Virus Total may begin getting e-mails from the fake site's victims. Users are reminded that VirusTotal's real domain is VirusTotal.com. So they shouldn't trust this scam, Boy advises, as reported by Softpedia on February 27, 2010.

Finally, it is vital to remain vigilant of malicious web-links even if they arrived from a known person.

Related article: PM’s Official Web Site Targeted By Hackers

» SPAMfighter News - 09-03-2010

All SPAMfighter products offer a free trial!

SPAMfighter is a free spam filter for Outlook, Outlook Express,Windows Mail, Windows Live Mail and Thunderbird.

Optimize your Slow PC for better performance. Try FREE scan now

Disk space recovery
and disk optimization. Try FULL-DISKfighter free

SPAMfighter Exchange Module is a Spam filter for Exchange server - Free 30 days trial.

Remove Spyware with SPYWAREfighter - Free 30 days trial

Antivirus software for your Windows PC - Free 30 days trial