‘Request rejected’ spam campaign leads to fake AV
Posted: April 15, 2011 1:10 pm
By: InfoSec News - Information Security
A spam e-mail campaign carrying a malicious attachment designed to download and run a fake AntiVirus (AV) solution on the recipient’s computer is hitting inboxes around the world.
The subject of the e-mail is “Request rejected.” The message does not contain any clue as to what the rejected request might be, and since the purported sender and its e-mail address do not offer any additional information, many users might be tricked into downloading the attached zip file to find out more information.
According to CA researchers, the zipped attachment contains a file by the name of EX- 38463(dot)pdf(dot)exe, which is a downloader trojan that connects the computer to hdjfskh(dot)net, from where it downloads and executes a fake AV variant.
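A mail-gateway check for the disguise described above (an executable hidden behind a document-style extension inside a zip attachment), given here as an added example that is not from the original article or from CA. The extension lists, function names and sample file names are constructed assumptions.

```python
import io
import zipfile

# Assumed policy lists for this example; tune them for your mail gateway.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


def classify_name(filename):
    """Return a reason string if the member name looks dangerous, else None."""
    # Keep only the base name; Windows ignores trailing dots and spaces.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    # Strip padding around each part so "a.pdf      .exe" is still caught.
    parts = [p.strip() for p in base.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return None
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double extension: ." + parts[-2] + " decoy hides ." + parts[-1]
    return "executable inside archive: ." + parts[-1]


def scan_zip_attachment(zip_bytes):
    """List (member_name, reason) for every flagged file in a zip attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reason = classify_name(info.filename)
            if reason:
                findings.append((info.filename, reason))
    return findings


def build_sample_zip():
    """Constructed test archive with harmless placeholder content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("EX-00000.pdf.exe", b"placeholder")
        archive.writestr("docs/readme.txt", b"placeholder")
        archive.writestr("report.pdf   .scr ", b"placeholder")
        archive.writestr("tools/setup.exe", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in scan_zip_attachment(build_sample_zip()):
        print(name + " -> " + reason)
```

The check reads only the archive's member names, so nothing is extracted or executed while the attachment is inspected.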
The fake AV has the ability to change its name based on which version of Windows OS the computer runs: XP, Vista, or Win7. It also has a variety of fake alert windows that it uses to great effect to scare the victims into believing their computer is affected by malware.
If you receive an email with this or a similar subject, do not be fooled and do not click on the link.
Source: http://www.net-security.org/malware_news.php?id=1693



