New FAKEAV Impersonates Windows Automatic Updates Dialog
According to the news from Softpedia published on August 18, 2010, a Trojan virus disseminated through bogus DHL e-mails is planting fresh scareware that looks like a Windows Automatic Updates dialog box so that users may be tricked into thinking that the fake application is real.
Understandably, the attack begins by sending one spam mail apparently from DHL International, stating that the package the e-mail recipient wanted delivered couldn't be handed over at the address the courier company was given. Thus the user must take a print out of the document, apparently included in a given attachment as well as use it for collecting the undelivered package, it tells.
Meanwhile, according to virus researcher Sven Carlsen with Avira who carefully studied the attack, spam mails purporting to be from UPS or DHL that delivered malware weren't anything new. Such e-mails were frequently got, and often the malicious program included, was a member of the Zeus or Zbot family of trojans that stole data on Internet bank accounts. However, the current Trojan belonged to the Oficla group that downloaded even more malware following its execution. Avira website published this in news on August 18, 2010.
Understandably, the Oficla Trojan helps to distribute scareware programs, which in the current instance is named 'Antimalware Doctor.'
Interestingly, during the attack, prior to the popping up of scareware's real interface for exhibiting a bogus malware scan, the user sees the Windows Automatic Updates screen.
The screen displays just a single product from among the updates series that's named 'System Security Pack 2010.56.111 (Antimalware Doctor Upgrade; KB949779).' Once the "upgrade" is loaded onto the victim's computer, 'Antimalware Doctor,' the phony AV program begins to perform a malware scan and certainly discovers malicious program(s).
Like always for a bogus anti-virus, when the scan finishes, the user finds a result dialog box that indicates that malware is on the system and suggests that he purchase the complete edition of the scareware for eliminating the infections.
Incidentally, the malware purveyors, trying to make the user feel more convinced about the product, offer many renowned awards such as 'Softpedia' or 'Laptop Editors choice.'
Related article: New Zealand Releases Code To Reduce Spam
» SPAMfighter News - 24-08-2010