An email claiming to alert you to an antivirus software update has been infecting its victims with a variant of the Zbot Trojan. By referring to "the new malware circulating over the net", the email implies that this critical update will protect you from CryptoLocker. With all of the reports about CryptoLocker, it would be hard not to make that association.
Here is a sample of one such email:
Although this particular email appears to be from Microsoft Security Essentials, the criminals have also sent spam impersonating other antivirus companies. For example, other subject lines read:
- Windows Defender: Important System Update – requires immediate action
- AVG Anti-Virus Free Edition: Important System Update – requires immediate action
- AVG Internet Security 2012: Important System Update – requires immediate action
- Kaspersky Anti-Virus: Important System Update – requires immediate action
- Microsoft Security Essentials: Important System Update – requires immediate action
While the subject lines may change, the body of the email does not:
Important System Update – requires immediate action
It’s highly important to install this security update due to the new malware circulating over the net. To complete the action please double click on the system patch KB923029 in the attachment. The installation will run in the silent mode. Please pay attention to this matter and inform us in case there is a problem.
It is important to remember: NO SYSTEM PATCH OR ANTIVIRUS UPDATE IS EVER SENT BY EMAIL. Microsoft delivers system patches ONLY through Windows Update (the Microsoft Update utility), never as an email attachment. Antivirus updates are ONLY ever performed by the update feature built into the antivirus software itself.
The ZIP file you are asked to download contains a program (an .exe file) that installs a variant of the Zbot Trojan.
The Trojan drops a copy of itself under a random file name in the current user's Application Data folder:
C:\Documents and Settings\%USER%\Application Data\
(On Windows Vista and later the equivalent location is %APPDATA%, i.e. C:\Users\%USER%\AppData\Roaming\.)
To ensure it is started each time you log on (and therefore after every reboot), the Trojan adds a value pointing at that file under the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
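Those two indicators (an executable in the per-user Application Data folder, launched from the HKCU Run key) make a cheap host check. The script below is an added example, not code from the original post: it reads the real Run key when run on Windows (via the standard winreg module) and otherwise falls back to a constructed sample set, then flags values whose program lives under Application Data or its Vista-and-later equivalent, AppData\Roaming. The sample value names and file names are invented for the example.

```python
import re
import ntpath

# Per-user drop locations: the XP-style path from the post and its
# Vista-and-later equivalent. Matched case-insensitively on the program path.
USER_APPDATA = re.compile(
    r"^[a-z]:\\(documents and settings|users)\\[^\\]+\\(application data|appdata\\roaming)\\",
    re.I,
)

# Constructed sample Run-key contents (names and paths are invented).
SAMPLE_RUN = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "ctfmon": r"C:\Windows\System32\ctfmon.exe",
    "iwqv": r'"C:\Documents and Settings\alice\Application Data\iwqv.exe"',
    "Updater": r"C:\Users\alice\AppData\Roaming\Xnwo\ufgy.exe",
}


def executable_path(command: str) -> str:
    """Extract the program path from a Run value, with or without quotes/arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted: take the text up to and including the first executable extension.
    m = re.match(r"(.+?\.(?:exe|com|scr|bat|cmd|pif))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split(" ")[0]


def suspicious_run_entries(entries: dict[str, str]) -> list[dict]:
    """Return Run values whose program sits in the per-user Application Data tree."""
    hits = []
    for name, command in entries.items():
        path = executable_path(command)
        if USER_APPDATA.match(path):
            hits.append({
                "value": name,
                "path": path,
                "file": ntpath.basename(path),
                "reason": "launched from per-user Application Data",
            })
    return hits


def read_hkcu_run() -> dict[str, str]:
    """Read HKCU\\...\\Run on Windows; on other platforms return {} so the sample still runs."""
    try:
        import winreg
    except ImportError:
        return {}
    entries = {}
    key_path = r"Software\Microsoft\Windows\CurrentVersion\Run"
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, key_path) as key:
        index = 0
        while True:
            try:
                name, value, _ = winreg.EnumValue(key, index)
            except OSError:  # raised when there are no more values
                break
            entries[name] = str(value)
            index += 1
    return entries


if __name__ == "__main__":
    live = read_hkcu_run()
    for hit in suspicious_run_entries(live or SAMPLE_RUN):
        print(f"{hit['value']}: {hit['path']} ({hit['reason']})")
```

A hit is a lead, not a conviction: plenty of legitimate software also installs itself under AppData and registers in the user Run key, so check the file's publisher signature and hash before deleting anything. The check also only covers HKCU; a Trojan running with administrative rights could just as easily use the HKLM Run key, which this script does not read.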
Be careful of phishing attacks. To protect yourself remember:
- Don’t neglect to keep your software patches up to date – but never by email.
- Don’t open email attachments you weren’t expecting.
- Don’t believe emails that claim to be delivering a security patch.
See my book for more information on protecting yourself.