New Spam Campaign Involves AV Firms’ E-mail Ids after having been Spoofed

According to researchers from Websense a security company, Internet criminals have started spoofing many renowned antivirus firms' e-mail ids to deceptively make unwitting Internauts take down one malevolent file after telling them it'll cleanse an infection, which actually doesn't exist, and thereafter result in the distribution of infected e-mails from their PCs.

Websense, on August 28, 2012, informed that it managed to stop 2,700 such infected e-mails the day before, portraying the malicious campaign as being of not very high volume.

According to the company, the spam campaign, which consisted of brands such as Sophos, Symantec, Secure Root, VeriSign and F-Secure, depicted the spoofed ids as scan@sophos.com, scanner@symantec.com, virusscan@secureroot.com, symantec@verisign.com, scanonline@f-secure.com, noreply@verisign.com and symantec@sophos.com.

Moreover, the current spam scam, similar to any scareware trick, encourages e-mail recipients in following a web-link, which tells them they require taking down one malevolent .exe file, because one (fake) security scan has found a non-existent W32.Swizzor.C-WORM malware infecting their systems.

The spam mail's sender asserts that the web-link points to one non-chargeable malware-removal software the mentioned anti-virus firm is offering.

And the subject line mentioned is: "[Symantec] -Your e-mail account may be blocked," highlights Websense.

According to the security company, as depicted from the RemovalTool.exe executable file's activity, the particular file looks dangerous. It diverts HTTP-traffic onto a remote server harboring malevolent items; installs .exe documents; transmits HTTP-traffic directed at an unclassified server; and writes to a directory's system-of-files on the end-user's machine that usually malware uses.

Besides, Websense further says that merely 3/42 anti-virus engines of VirusTotal could recognize the file's malevolent nature.

Unfortunately, it's because of the above kinds of malware-laced spam outbreaks that there's an increase in malware online, remark security researchers from Websense. Their statement gets the backing of PandaLabs that lately issued its Q2-2012 quarterly report dealing with IT security incidents of April-June 2012 that states that over 6m fresh malicious programs were designed during the second quarter of 2012 itself.

Eventually, for warding off such harmful bulk e-mail scams, security specialists recommend up-to-date anti-spam and anti-virus solutions for Internet-users. They further suggest users for erasing such fraudulent messages instantly before even viewing them.

Related article: New Spam Mail Charges For IPod

» SPAMfighter News - 9/4/2012