Bogus Security Alert from Organization’s Information Technology Department Leads to True Malware
E-mails posing as messages from an organization's Information Technology department have been detected targeting staff at various companies and attempting to trick them into downloading malicious software, Help Net Security reported on October 11, 2011.
Citing a virus that has supposedly infected the organization, the fake e-mail tells the recipient that the malware has deleted certain files and stolen some data.
The e-mail, captioned "IT Notice," claims to be a quick warning to let everybody know that the organization has encountered a new virus plaguing its computer systems and web space. As a result, information has leaked from the PCs and certain files have been erased from another server, the message says.
The most cunning aspect, however, is a web link embedded in the e-mail that appears to lead to a malware-removal program hosted by the organization itself. If followed, the victim is instead taken to an intermediary website, which delivers Trojan.Inject.ql along with its companion Backdoor.Win32.Agent.aksn.
Graham Cluley, Senior Technology Consultant at Sophos, stated that although at first glance the link appeared to point to a file named antivirus.exe on the victim's own organization server, it in fact made his web browser open an intermediate website. As an illustration, Cluley said that if a victim's organization website were example.com, the link would appear to point to www.example.com/download/antivirus.exe. Help Net Security reported this.
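As an added example (not code from the article or from Sophos), the following Python check flags the trick Cluley describes: anchors in an HTML e-mail whose visible text claims the organization's own domain while the real href leads elsewhere, and links whose real target is an executable download. The sample message, the intermediate.invalid host and the example.com domain are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample modelled on the "IT Notice" lure: the visible link text
# claims the organization's own domain while the real href goes elsewhere.
SAMPLE_EMAIL = """<p>IT Notice: a new virus has infected our systems.
Download the removal tool: <a href="http://intermediate.invalid/antivirus.exe">www.example.com/download/antivirus.exe</a>
or read the policy at <a href="http://www.example.com/policy">www.example.com/policy</a>.</p>"""

# Simple anchor extractor (sufficient for mail bodies; not a full HTML parser).
ANCHOR_RE = re.compile(r'<a\b[^>]*?href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def _parts(value):
    """(hostname, path) of a URL or of URL-looking link text; ('', '') if unparsable."""
    try:
        parsed = urlparse(value if "://" in value else "http://" + value)
        return (parsed.hostname or ""), parsed.path.lower()
    except ValueError:
        return "", ""

def _in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def suspicious_links(html, trusted_domain):
    """Return (href, text, reasons) for anchors whose visible text claims
    trusted_domain while the real href leaves it, or whose target is an .exe."""
    findings = []
    for href, raw_text in ANCHOR_RE.findall(html):
        text = re.sub(r"<[^>]+>", "", raw_text).strip()   # drop tags nested in the anchor
        real_host, real_path = _parts(href)
        shown_host, _ = _parts(text)
        reasons = []
        if _in_domain(shown_host, trusted_domain) and not _in_domain(real_host, trusted_domain):
            reasons.append(f"text shows {shown_host} but link goes to {real_host}")
        if real_path.endswith(".exe"):
            reasons.append("link downloads an executable")
        if reasons:
            findings.append((href, text, reasons))
    return findings

if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_EMAIL, "example.com"):
        print(f"{text!r} -> {href}: {'; '.join(reasons)}")
```

Run against the sample, the check reports only the "antivirus.exe" link: its text claims www.example.com but the real target is intermediate.invalid, and it downloads an executable.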
In reality the "anti-virus" on offer is a Trojan. Although the poor sentence construction and spelling will warn many users of the e-mail's true nature, there will always be some who panic and immediately do as instructed.
In this way, end users are deceived into believing they are downloading a legitimate anti-virus program sent by their organization's IT department, when they are actually being tricked into installing a Trojan.
Hence, security researchers advise users never to trust e-mails arriving from sources outside the organization, and to re-check those that appear to come from inside before acting on them. Moreover, attachments in dubious e-mails should not be opened, and security software should always be kept up to date.
» SPAMfighter News - 20-10-2011