Aggressive Rogue AV Scare Techniques Adopted by Malware Spammers to Spread Infections

Cybercriminals are always on the lookout for new and creative ways to scam PC users out of money. Afterall, their main objective in life is apparently to steal as much money as possible off of the heels of fake anti-virus programs.

Fake antivirus or antispyware applications have been the workhorse for a multitude of cybercrooks seeking to extort money from unsuspecting computer users. Most recently, spammers have adopted alternative methods to spread these rogue-AV programs through antagonistic spam messages.

WebSense recently detected a method spammers are using to pass-off email messages as ones that come from legitimate security firms. The main tactic used in the spam messages are spoofed email addresses such as scanner@symantec.com, virusscan@secureroot.com, noreply@verisign.com, scan@sophos.com, symantec@sophos.com and scanonline@f-secure.com.

If you take notice to the domains of the recently spoofed email addresses, you will immediately notice that they are all legitimate sites belonging to authentic security companies. Spoofing email addresses in spam campaigns is nothing all that new under the sun. Hackers and spammers have been doing it for years. This time cybercrooks have wised up and used what has been detected as a low-volume campaign, to lure victims to malicious software on emails supposedly from many legitimate security firms.

The messages in these aggressively targeted spam messages encourage users to click on a link. After the link is clicked, it will initiate a system scan indicating the PC is infected with a nonexistent W32.Swizzor.C-Worm threat. The user is then directed to a malicious executable.

The spam author makes the case of offering free antimalware software applications from the supposed security vendor very convincing, which is why this particular type of spam campaign is considered to be an aggressive technique of scamming PC users.

The subject of these particular spam emails is rather generic reading: "[Symantec] - Your e-mail account may be blocked". Part of the clever tactic of foiling PC users, the 'Symantec' part of the subject line is replaced with a security company corresponding to the particular spoofed email.

PC users are urged to avoid clicking on links within questionable emails, even if they appear to have come from a legitimate security firm.