
[Figure 1 – Fake Rejected Request Email]
Distinctive Spam Email Characteristics
The email contains the Subject: Reqest rejected
The email contains the Body:
--------------------------------------------------------------------------------------------------------
Dear Sirs,
Thank you for your letter!
Unfortunately we can not confirm your request!
More information attached in document below.
Thank you
Best regards.
--------------------------------------------------------------------------------------------------------
File Attachment: EX-38463.pdf.zip
The file EX-38463.pdf.zip contains a file EX-38463.pdf.exe which CA detects as Win32/SillyDl.XRH.
If the file EX-38463.pdf.exe is executed, it connects to hdjfskh.net to download and execute the file pusk.exe, which is a variant of Win32/FakeAV.
The downloaded FakeAV appears under different names because it uses a template to construct its product name based on the infected system's Windows operating system version.
Below is the format it uses, where
Antispyware 2011 - Antivirus
2011 Guardian 2011 Guardian Defender 2011 Antivirus Antivirus 2011 Antivirus Pro Antivirus Pro 2011 Internet Security Internet Security 2011
[Figure 2 – Fake Windows Security Alert]

[Figure 3 - Fake AV Interface]

[Figure 4 – False System Warning]

[Figure 5 – Fake Registration Window]

[Figure 6 – Fake Warning Message]

Again, we advise users to beware of these kinds of emails, to avoid executing attachments from unsolicited emails, and to ensure that their security products are updated with the latest signatures.
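
The attachment layout described above (a .zip whose member carries a document extension followed by .exe) can be checked at the mail gateway before delivery. The Python sketch below is an added example, not CA's detection logic; the extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumed lists: extensions that run code on Windows, and decoy document extensions.
EXECUTABLE = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}

def has_disguised_exe(name):
    """True for names such as 'EX-38463.pdf.exe' (decoy extension, then executable)."""
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    return len(parts) >= 3 and "." + parts[-1] in EXECUTABLE and "." + parts[-2] in DECOY

def scan_message(raw):
    """Return (attachment, member) pairs hiding an executable; zip names are listed, never extracted."""
    findings = []
    msg = message_from_bytes(raw)
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue
        if has_disguised_exe(filename):
            findings.append((filename, filename))
        if filename.lower().endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True) or b"")) as zf:
                    for member in zf.namelist():
                        if has_disguised_exe(member):
                            findings.append((filename, member))
            except zipfile.BadZipFile:
                # An archive the gateway cannot read is itself worth flagging.
                findings.append((filename, "<unreadable zip>"))
    return findings

def build_sample():
    """Constructed test message mirroring the attachment layout described above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("EX-38463.pdf.exe", b"placeholder bytes, not a real program")
    msg = EmailMessage()
    msg["Subject"] = "Reqest rejected"
    msg.set_content("More information attached in document below.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="EX-38463.pdf.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for attachment, member in scan_message(build_sample()):
        print(f"suspicious: {member} inside {attachment}")
```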

Great spam email, a spam trap/filter would pick this up due to the multi extension which is really annoying when people send me emails that are dated and they do the date like this 12.02.2011 what's wrong with 12/02/2011 or 12-02-2011. Well anyone that knows anything should recognise that as obvious spam. I like the emails from my bank that I'm not even part of.