Fake websites loading fake anti-virus attack

Spam emails that attempt to lure unsuspecting users to fake websites as part of an iFrame attack have been reported this week. The emails have a number of subject names such as ‘Your Bell e-bill is ready’; ‘YourVistaprint Order Is Confirmed’; and ‘You’re invited to view my photos!’. The hackers send these types of emails in the hope that users will open the attachments (it’s the same method as the fake PDF DHL emails we’ve highlighted before). The attachments have names such as ‘Benefit Card Order Receipt’; ‘Tax Invoice’; and so on.

If a user opens the attachment, they are redirected via their default web browser to a hacked website containing the malicious file “Troj/Iframe-FK”. This Trojan loads scripts from other websites that attempt to load a fake anti-virus attack (this is indentified as “Mal/FakeAV-EI”). Mal/FakeAV-EI often can be found disguised as a fake version of the genuine McAfee VirusScan. This type of attack method is known as “scareware”.

You should NEVER try not to open email attachments that you cannot verify – you should be using a sandbox (virtual browser) – this will stop any malicious files from infecting your operating system. I suggest you use anti-virus software and a firewall to protect your PC. In addition you will need to protect your PC from zero-day malware. To STOP zero day attacks and identity theft I suggest you also use anti-malware behavior software in addition to your antivirus. (The links above are external and link only to our website: http://id-theftprotect.com)

Safe surfing folks!


This entry was posted in anti-virus, malware. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *