The Latest in IT Security

Fake AV Propels Visa Card Scams

17 Aug 2011

More old wine in a new bottle: Spammers have used the same payload that we saw in an earlier UPS scam to target more victims. Looks like the spammers ran out of new binaries.

Last weekend McAfee observed scams spread across the world that claimed to have come from Visa Customer Services. The mail had the subject “Your credit card has been blocked – Central European (ISO).”

[Image: scam mail]

The mail included the malicious executable “VISA_complete_NR<Randomnumber>.doc________________.exe”, zipped into a file with a random name. The malware was packed with another executable that was a fake antivirus program. At McAfee we observed that this same payload has been distributed across the world under different names in different scam campaigns. Some of the filenames:

  • ups_invoice_id865165475837266465.doc________________.exe (UPS Scam)
  • mastercard_invoce_id65729217565333.doc________________.exe
  • visa_complete_nr62178865627245.doc________________.exe
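The filenames above share one trait a mail gateway or triage script can check for: a document extension, a run of padding characters, then the real executable extension. The following is an added example, not McAfee's detection logic; the function names and the extension lists are assumptions, and it generalizes beyond `.doc`/`.exe` to other decoy and executable extensions. The ZIP is built in memory from the names listed on this page with constructed placeholder content.

```python
import io
import re
import zipfile

# Assumed extension lists; tune them to local mail policy.
DECOY_EXTS = r"(?:doc|docx|pdf|xls|xlsx|rtf|txt|jpg)"
EXEC_EXTS = r"(?:exe|scr|pif|com|bat|cmd)"
# Decoy extension, optional underscore/space padding, then the real extension.
PADDED_DOUBLE_EXT = re.compile(
    rf"\.(?P<decoy>{DECOY_EXTS})(?P<pad>[_\s]*)\.(?P<real>{EXEC_EXTS})$",
    re.IGNORECASE,
)

def classify_name(name):
    """Return None for an unremarkable name, else details of the masquerade."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].strip()
    m = PADDED_DOUBLE_EXT.search(base)
    if m is None:
        return None
    return {"name": base, "decoy": m["decoy"].lower(),
            "real": m["real"].lower(), "padding": len(m["pad"])}

def scan_zip(data):
    """Check every file member of a ZIP attachment supplied as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            hit = None if info.is_dir() else classify_name(info.filename)
            if hit:
                findings.append(hit)
    return findings

def build_sample_zip(names):
    """Constructed test archive: real names from the page, dummy content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed placeholder content")
    return buf.getvalue()

SAMPLE_NAMES = [
    "ups_invoice_id865165475837266465.doc________________.exe",
    "mastercard_invoce_id65729217565333.doc________________.exe",
    "visa_complete_nr62178865627245.doc________________.exe",
    "quarterly_report.doc",  # constructed benign name
]

if __name__ == "__main__":
    for finding in scan_zip(build_sample_zip(SAMPLE_NAMES)):
        print(finding)
```

A plain `setup.exe` is deliberately not flagged here; this check targets the masquerade only, so blocking bare executables in archives remains a separate policy rule.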

 

The dropped malware randomly chooses the rogue AV payload (XP Security 2012 or Personal Shield Pro, to name two) from the remote server. McAfee products detect these payloads as FakeAlert-AB.dldr.

 

Unlike earlier variants, these binaries did not have the icon of a document file, so they were not covert enough to escape users' notice. Our cloud-based Artemis technology revealed that this scam targeted users globally.

The figure below from Artemis shows this malware has spread across the world.

 

All McAfee customers are protected against this malware. McAfee Labs reminds the public to pursue safe email practices.
