The Latest in IT Security

Fake AV Software Updates Are Distributing Malware

22
Nov
2013

Fake AV 1 edit.png

Contributor: Joseph Graziano

A new clever way of social engineering spam is going around today that attempts to trick users into running malware on their computers. The methods malware authors are using include emails pretending to be from various antivirus software companies with an important system update required to be installed by the end user, along with attaching a fake hotfix patch file for their antivirus software. The email plays on end user concern over the lack of detection, especially in the face of the latest threats showcased in the media recently, such as the Cryptolocker Trojan. This type of social engineering entices users to open and install the hotfix without using much discretion as to what they may be actually installing. 

Symantec has observed a number of different email subject lines that include many well-known antivirus software companies:

  • AntiVir Desktop: Important System Update – requires immediate action
  • Avast Antivirus: Important System Update – requires immediate action
  • AVG Anti-Virus Free Edition: Important System Update – requires immediate action
  • Avira Desktop: Important System Update – requires immediate action
  • Baidu Antivirus: Important System Update – requires immediate action
  • Cloud Antivirus Firewall: Important System Update – requires immediate action
  • ESET NOD32 Antivirus: Important System Update – requires immediate action
  • Kaspersky Anti-Virus: Important System Update – requires immediate action
  • McAfee Personal Firewall: Important System Update – requires immediate action
  • Norton AntiVirus: Important System Update – requires immediate action
  • Norton Internet Security: Important System Update – requires immediate action
  • Norton 360: Important System Update – requires immediate action
  • Symantec Endpoint Protection: Important System Update – requires immediate action
  • Trend Micro Titanium Internet Security: Important System Update – requires immediate action

Although the subject line changes, the attached zip file containing the malicious executable stays the same.

Once the malware is executed, a connection is made to networksecurityx.hopto.org to download another file. The malware is using a process called ozybe.exe to perform tasks.

Protection & best practices

The Skeptic scanner of Symantec Email Security.cloud can block this and similar emails before it can even reach the end user. In addition, Symantec also detect the files associated with this attack using the following signature names:

Symantec advises following best practices to avoid becoming a victim of social engineering spam attacks:

  • Do not click on suspicious links in email messages.
  • Do not open any attachments from recipients you do not know or expect an attachment from.
  • Do not provide any personal information when replying to an email.
  • Use comprehensive security software, such as Norton Internet Security or Norton 360, which protects you from phishing and social networking scams.
  • Exercise caution when clicking on enticing links sent through email or posted on social networks.

Leave a reply


Categories

SATURDAY, AUGUST 24, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks