Aggressive Rogue AV Scare Techniques Adopted by Malware Spammers to Spread Infections

By GoldSparrow in Computer Security

Cybercriminals are always on the lookout for new and creative ways to scam PC users out of money. After all, their main objective is apparently to steal as much money as possible on the back of fake anti-virus programs.

Fake antivirus or antispyware applications have been the workhorse for a multitude of cybercrooks seeking to extort money from unsuspecting computer users. Most recently, spammers have adopted alternative methods to spread these rogue-AV programs through antagonistic spam messages.

WebSense recently detected a method spammers are using to pass off email messages as coming from legitimate security firms. The main tactic in the spam messages is the use of spoofed email addresses such as scanner@symantec.com, virusscan@secureroot.com, noreply@verisign.com, scan@sophos.com, symantec@sophos.com and scanonline@f-secure.com.

If you look at the domains of the spoofed email addresses, you will immediately notice that they all belong to authentic security companies. Spoofing email addresses in spam campaigns is nothing new. Hackers and spammers have been doing it for years. This time, cybercrooks have wised up and are running what has been detected as a low-volume campaign, luring victims to malicious software through emails that purport to come from legitimate security firms.

The aggressively targeted spam messages encourage users to click on a link. Clicking the link initiates a system scan that reports the PC as infected with a nonexistent W32.Swizzor.C-Worm threat. The user is then directed to a malicious executable.

The spam author makes a very convincing case for the offer of free antimalware software from the supposed security vendor, which is why this type of spam campaign is considered an aggressive technique for scamming PC users.

The subject of these spam emails is rather generic, reading: “[Symantec] – Your e-mail account may be blocked”. As part of the tactic for fooling PC users, the ‘Symantec’ part of the subject line is replaced with the name of the security company corresponding to the spoofed email address.
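For mail administrators, the two traits described above (a sender address in a security vendor's domain and the fixed subject template) can be checked at the gateway. The following Python sketch is an added example, not code from WebSense or from this article; the gateway name `mx.example.org`, the function names and the sample messages are assumptions made for illustration, and it assumes the subject has already been decoded to plain text.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sender domains the article lists as spoofed in this campaign.
VENDOR_DOMAINS = {"symantec.com", "secureroot.com", "verisign.com",
                  "sophos.com", "f-secure.com"}
# Subject template from the article; the bracketed vendor name varies.
SUBJECT_RE = re.compile(
    r"^\[[^\]]+\]\s*[-\u2013]\s*Your e-mail account may be blocked$", re.I)
# Assumption: authserv-id stamped by your own inbound gateway (placeholder).
TRUSTED_AUTHSERV = "mx.example.org"
PASS_RE = re.compile(
    r"(?:spf|dkim)=pass\b[^;]*?(?:smtp\.mailfrom|header\.d)=(?:\S*@)?([\w.-]+)",
    re.I)

def aligned_auth(msg, from_domain):
    """True if the trusted gateway recorded an SPF or DKIM pass for from_domain."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # a header written by any other host proves nothing
        for m in PASS_RE.finditer(results):
            d = m.group(1).lower().rstrip(".")
            if d == from_domain or d.endswith("." + from_domain):
                return True
    return False

def classify(raw):
    """Return the reasons a raw message matches the campaign (empty if none)."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reasons = []
    if domain in VENDOR_DOMAINS and not aligned_auth(msg, domain):
        reasons.append("vendor sender domain without aligned SPF/DKIM pass")
    if SUBJECT_RE.match(msg.get("Subject", "").strip()):
        reasons.append("subject matches campaign template")
    return reasons

# Constructed samples, not captured mail.
SPOOFED = ("Authentication-Results: mx.example.org; spf=fail "
           "smtp.mailfrom=scanner@symantec.com; dkim=none\n"
           "From: scanner@symantec.com\n"
           "Subject: [Symantec] \u2013 Your e-mail account may be blocked\n\n")
GENUINE = ("Authentication-Results: mx.example.org; spf=pass "
           "smtp.mailfrom=bounce@sophos.com; dkim=pass header.d=sophos.com\n"
           "From: news@sophos.com\nSubject: Monthly newsletter\n\n")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, classify(raw))
```

A message that trips both checks is a strong quarantine candidate; either check alone is better treated as a scoring signal, since the vendors named also send genuine mail.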

PC users are urged to avoid clicking on links within questionable emails, even if they appear to have come from a legitimate security firm.

This entry was last updated on 08/30/12 and posted on 08/30/12.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.