New Scareware E-mails Link to Malicious Files Hosted at RapidShare

Security researchers at the Belgian security firm MX Lab recently warned netizens about a new series of malicious e-mails that direct recipients to install scareware hosted at RapidShare.

According to the security vendor, the e-mails are sent from arbitrary fake addresses and their content is brief. The text of the e-mail includes only a link, i.e. http://rapidshare.com/files/[censored]/surprise.exe.

The malware file is named surprise.exe and is 384 kB in size. It currently has a fairly low detection rate on VirusTotal, with 16 of 43 anti-virus engines flagging it. A few of the products identify it as bogus anti-virus software, also known as rogueware or scareware, whereas others identify it as a Trojan downloader. Detection names include Win32:Trojan-gen (Avast), Gen:Variant.FakeAlert.47 (F-Secure) and Mal/FakeAV-EE (Sophos).

The scareware classification is consistent with MX Lab's analysis, which states that the malware installs a file named 217103390.exe (the name can vary) in the 'Application Data' folder and a shortcut named "Security Shield.lnk" in the 'Programs' folder.

Further, another window is displayed on the desktop of the machine, announcing that the security program has been successfully installed on the system. In addition, a startup registry entry is created under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce to ensure that the program starts again after a reboot.

RunOnce entries execute a program only once and are then deleted. It is therefore possible that the application recreates this entry every time it runs.
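A defensive check for the persistence described above, added here as an example and not taken from MX Lab or this article: it parses the text output of `reg query` for the HKCU RunOnce key and flags values that launch an .exe sitting directly in the user's Application Data folder. The sample output, the function names and the all-digit severity rule are assumptions; `AppData\Roaming` and `%APPDATA%` are included as the equivalent locations on newer Windows versions.

```python
import ntpath
import re

# One value line of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# Command target: a quoted path, or an unquoted path up to the first ".exe".
TARGET = re.compile(r'^\s*(?:"(?P<q>[^"]+)"|(?P<u>.+?\.exe)(?=\s|$))', re.IGNORECASE)
# Roaming profile folder: "Application Data" (XP), "AppData\Roaming" (Vista+), or %APPDATA%.
PROFILE_ROOT = re.compile(r"(\\application data|\\appdata\\roaming|^%appdata%)$", re.IGNORECASE)


def parse_values(reg_output):
    """Yield (name, data) for each string value in `reg query` text output."""
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if m and m.group("type") in ("REG_SZ", "REG_EXPAND_SZ"):
            yield m.group("name"), m.group("data").strip()


def triage(reg_output):
    """Return findings for RunOnce values that resemble the dropper described above."""
    findings = []
    for name, data in parse_values(reg_output):
        m = TARGET.match(data)
        if not m:
            continue
        exe = m.group("q") or m.group("u")
        folder, base = ntpath.split(exe)
        if not base.lower().endswith(".exe") or not PROFILE_ROOT.search(folder):
            continue  # not an executable sitting directly in the profile root
        stem = base[:-4]
        # Assumption: an all-digit name (like the sample) raises severity; the
        # article says the name can vary, so any .exe in this folder is reviewed.
        findings.append({"value": name, "path": exe,
                         "severity": "high" if stem.isdigit() else "review"})
    return findings


# Constructed sample of `reg query` output for the RunOnce key (not real telemetry).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    217103390    REG_SZ    C:\Documents and Settings\alice\Application Data\217103390.exe
    Vendor Updater    REG_SZ    "C:\Program Files\Vendor\update.exe" /silent
    helper    REG_EXPAND_SZ    %APPDATA%\helper.exe -s
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["severity"], f["value"], f["path"])
```

Because a RunOnce value is removed when it runs, an empty key does not rule out infection; the dropped file and the "Security Shield.lnk" shortcut are worth checking as well.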

According to security experts, scareware distribution is a very lucrative business for cybercrooks, who use the money they earn to finance other illegitimate activities. A quick Google search for this threat turns up reports, dating back to 2007, of the same short e-mails that contain only a hyperlink to a file named surprise.exe hosted at RapidShare.

In those incidents, netizens stated that the fake e-mails were sent from their personal e-mail accounts to all the contacts in their account. It is thus probable that hacked mailboxes are being used as bait in these attacks.

Netizens are advised to be extra vigilant when dealing with e-mails that include hyperlinks, even if they seem to have come from reliable sources, and to be especially alert when the enclosed links point to .exe files.


» SPAMfighter News - 12/24/2010
