Fake AV update notifications deliver malware
Posted on 22.11.2013
Spam emails impersonating a variety of antivirus vendors have been spotted targeting worried users around the globe, urging them to download and run an “important system update.”

“It's highly important to install this security update due to the new malware circulating over the net,” says in the email. “To complete the action please double click on the system patch KB923029 in the attachment. The installation will run in the silent mode. Please pay attention to this matter and inform us in case there is a problem.”

Unfortunately for those who fall for the trick, the ZIP email attachment actually carries a downloader Trojan that, after contacting a remote server, downloads a Zeus Trojan variant from it and installs it on the victims’ computer. It also creates a new registry key to make Zeus run every time the computer is restarted.

According to Symantec researchers, the spam campaign impersonates a slew of well-known AV companies such as AntiVir, Avast, AVG, Avira, Kaspersky Lab, Trend Micro, Symantec, and others, and offers “updates” for different AV solutions.

Users are advised not to click on links in or download attachments from unsolicited emails, and not to provide any personal information when replying an email. In this particular case, the spelling mistakes in the email point to it being a fake, but users should be wary of this type of emails even if they are written correctly.


Crowdsourcing your bug bounty program

David Levin, Director of Information Security at Western Union, talks about crowdsourcing their bug bounty program and the lessons learned along the way.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Mar 30th