Malware Scam Purportedly from Pearl Jewelry Maker Circulating Online
Dancho Danchev, security consultant working independently has said that one fresh malware scam through spam mails is presently circulating online, while pretending as a message from BoBijou the maker of pearl jewelry.
States the fake e-mail while acknowledging the recipient's placement of an order with BoBijou Inc., the company has received his order as also it is undergoing processing. Subsequently, the e-mail provides a number for the order stating that it'll be required for all correspondences made. The acknowledgement in the e-mail, however, isn't evidence that a purchase has been made. An invoice will be dispatched by post to the recipient's billing address, the message continues. And since the recipient wishes to use the credit card mode of payment, an amount of $262 will be debited to his card under BoBijou Inc.'s name.
The e-mail also tells the recipient that he will get a different electronic mail substantiating that his order is on the way, adding that a given attached document provides his purchase as well as product handing-over details.
But on viewing the attachment named "Order details.exe," a Trojan downloader actually gets installed, according to Mr. Danchev.
Careful examination of the malware campaign reveals that the Trojan getting disseminated is Trojan.FakeAV, which's a scareware application. This scareware apparently has a detection rate which's merely 60% on VirusTotal.
Remark security specialists, the use of attachments for disseminating malicious programs is a tactic, which cyber-criminals have long used and largely continue to do so even today.
And since the above kinds of malware scams are so malicious, security researchers recommend end-users that they should adopt certain security measures. These are not viewing or saving any attachment that arrives in the above manner, rather they must be instantly erased. Further, anti-malware applications should be loaded so that malware assaults can be kept at bay.
Besides, an e-mail attachment received should be properly scrutinized prior to viewing it for avoiding infection. Finally, it's best to tread on safe path, so one should always remain on the watch as by stopping a malware infection on his system can save both his time and money.
Related article: Malware Authors Turn More Insidious
» SPAMfighter News - 05-05-2011