Malicious Email Messages Posing as Antivirus Notifications

Websense® ThreatSeeker® Network intercepted a malicious email campaign posing as antivirus notifications that warn users that their accounts may be blocked.

These fake messages state that the victim's email address has been sending infected email to the mail server, and that the situation may be remedied if the user clicks a URL to download a free removal tool.

The "free tool" is, of course, a malicious executable that connects to malicious websites, and then drops more executables on the victim's computer.

This looks like a low-volume campaign: we have seen (and blocked) approximately 2700 emails of this type yesterday and today.


Websense customers are protected from these threats by ACE™, our Advanced Classification Engine.

The email may contain a subject like this:

[Symantec] - Your e-mail account may be blocked.

The "from" address varies and may appear as:
scanner@symantec.com
scanonline@f-secure.com
symantec@verisign.com
scan@sophos.com
symantec@sophos.com
virscan@secureroot.com
noreply@verisign.com
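A mail-gateway or mailbox-sweep check built from the subject and "from" addresses listed above, as an added example that is not part of the original advisory or any Websense product. The `classify` function, the verdict names, the rule that any http(s) link in the body counts as the download lure, and the sample messages are all assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Indicators copied from the advisory text.
SUBJECT_RE = re.compile(r"your e-?mail account may be blocked", re.I)
FROM_ADDRESSES = {
    "scanner@symantec.com", "scanonline@f-secure.com", "symantec@verisign.com",
    "scan@sophos.com", "symantec@sophos.com", "virscan@secureroot.com",
    "noreply@verisign.com",
}
# Assumption: any http(s) link in the body counts as the download lure.
URL_RE = re.compile(r"https?://\S+", re.I)

def classify(raw: bytes) -> str:
    """Return 'campaign', 'review' or 'clean' for one raw RFC 5322 message."""
    # policy.default decodes RFC 2047 encoded-word headers before matching.
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject_hit = bool(SUBJECT_RE.search(str(msg.get("Subject", ""))))
    # Compare the bare address, ignoring display name and letter case.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    from_hit = sender in FROM_ADDRESSES
    part = msg.get_body(preferencelist=("plain", "html"))
    link_hit = part is not None and bool(URL_RE.search(part.get_content()))
    if subject_hit and from_hit and link_hit:
        return "campaign"   # all three traits of the described lure
    if subject_hit or from_hit:
        return "review"     # partial match: queue for an analyst
    return "clean"

# Constructed sample messages (not captured traffic).
SAMPLE_LURE = (
    b"From: scanner@symantec.com\n"
    b"Subject: [Symantec] - Your e-mail account may be blocked.\n\n"
    b"Download the free removal tool: http://download.example.invalid/tool.exe\n"
)
SAMPLE_ENCODED = (
    b"From: Virus Scan <SCAN@Sophos.com>\n"
    b"Subject: =?utf-8?q?=5BSymantec=5D_-_Your_e-mail_account_may_be_blocked.?=\n\n"
    b"Free removal tool: http://download.example.invalid/tool.exe\n"
)
SAMPLE_VENDOR_NEWS = b"From: noreply@verisign.com\nSubject: Renewal reminder\n\nNo links.\n"
SAMPLE_BENIGN = b"From: alice@example.org\nSubject: Lunch?\n\nSee you at noon.\n"

if __name__ == "__main__":
    for name in ("SAMPLE_LURE", "SAMPLE_ENCODED", "SAMPLE_VENDOR_NEWS", "SAMPLE_BENIGN"):
        print(name, classify(globals()[name]))
```

Because the listed addresses belong to real vendor domains, a "from" match alone is only a reason to review the message, not to block it.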

 

Read more:

http://community.websense.com/blogs/securitylabs/archive/2012/08/28/malicious-e-mails-posing-as-anti-virus-notifications.aspx?cmpid=sltw