Spam leads to malware instead of mail settings
Jan 10th, 2010 | Category: AviraAt present there are two similar waves of Spam hitting the mailboxes of Internet users, purportedly containing new settings for their mail service
Tettnang, 15 October 2009 – Many users are finding harmful Spam mail in their mailboxes, purportedly containing new settings for their email service – for example for the well-known Outlook Web Access (OWA) application
However, instead of new settings, the spam emails have harmful attachments or contain links to a website where a Trojan is to be downloaded. The emails look genuine and give the impression that they have been sent by the mail service provider’s support team.
Figure 1: The harmful emails give the impression that they have been sent by the mail service provider.
At the same time, other spam emails establish links to a website where the supposed settings file is to be downloaded. The look of this page is reminiscent of Outlook Web Access. The link in the emails is concealed: While the email text seems to refer to the recipient’s domain, the actual link leads to a fraudulent site. However, this contains the recipient’s domain as a sub domain and contains several email addresses, so that the user may be fooled if he only performs a cursory check.
Figure 2: In the second scam the recipient is prompted to download the harmful software himself.
Avira AntiSpam correctly classifies the e-mails as Spam. Avira’s developers have also added the addresses of these harmful websites to Avira WebGuard. Avira’s antivirus solutions detect the malware with virus definition file 7.01.06.111 as TR/Vilsel.iop and TR/Spy.ZBot.9164.1 respectively and protect users from the threat. While the Vilsel Trojan is classified as a fake antivirus solution, the ZBot is an attempt at information theft that spies out access data.
Recipients of this mail should nonetheless delete it immediately and should not open the file attachment or follow the link in the e-mail. For further information, see Avira’s TechBlog and the virus descriptions.
About Avira
Avira is a leading global provider of IT security solutions for professional and private use. With over twenty years of experience, the company is one of the pioneers in this field. As a founder member of the “IT Security made in Germany” association (ITSMIG e.V.), Avira has guaranteed that it will only provide IT security products that leave no room for data espionage.”
The German IT security expert has its headquarters in Tettnang on Lake Constance and maintains several offices throughout the world. Avira employs around 300 people and its Avira AntiVir Personal antivirus protection represents a significant contribution towards security and is used millions of times by private users.
The domestic and international clientele is formed by well known companies listed on the stock exchange, many small and medium-sized companies, as well as educational establishments and government authorities. Apart from protecting the virtual environment, Avira promotes the Auerbach Foundation for greater security in the real world. The Auerbach Foundation supports charitable and social projects, as well as art, culture and science.
Related Posts
No related posts.