Sophos Reports Spam Run Delivering Malware Supposedly from Anti-Virus Firms

Sophos the security company warns that spammers are distributing junk electronic mails supposedly from different anti-virus firms while trying to dupe Internauts into planting malicious software onto their PCs.

Apparently, these fake e-mails arrive from security companies Kaspersky, AVG alternatively Microsoft too.

All of them read quite the same stating that it is extremely vital for loading a given security update as protection from one fresh malware circulating online. For completing the loading, users are requested to click on KB923029, label for the update, obtainable from a given attachment. It shall be within silent mode that the loading will occur.

Concluding, the e-mails request for users' attention towards the message and them informing the security companies (senders of the e-mails) if there's any problem.

But, the only thing that definitely happens through the e-mails is the loading operation within silent mode, though of certain malware rather than the claimed security update.

The file inside the e-mails' attachments is labeled HOTFIX_patch_KB.exe that conceals one ZeuS variant the Trojan created for filching confidential data from contaminated PCs. The threat according to Sophos is detected as HPMal/Zbot-C.

Security Researcher Paul Ducklin observes that indeed there isn't any KB923029 system patch, while if there at all was one, no firm of repute would ever distribute security patches through electronic mails. Nakedsecurity.sophos.com published this dated November 21, 2013.

Actually, by exploiting people's anxiety following dearth of knowledge of new malware threats, particularly the latest Cryptolocker a ransom malware that the current bulk electronic mail campaign has fructified. The social engineering used in it lures end-users to click on as also load the malware devoid of really perceiving whatever content they're in fact downloading.

Meanwhile, Symantec has identified more spam assaults of the same kind where the firms spoofed are Avast, AntiVir, Trend Micro and Avira, with the malware programs as WS.Viral.1, Trojan.Zbot and Trojan.Gen.

Conclusively, for remaining safe from such socially-engineered e-mail scams, it's advisable that users don't click dubious web-links within e-mails, don't view attachments from unknown senders or if they're unexpected, as well as run all-inclusive security software that safeguards from social-networking or phishing attacks.

» SPAMfighter News - 12/2/2013