You have Rogue Mail!
06 Aug 2010 05:17 PM
Websense Security Labs™ ThreatSeeker™ Network has detected thousands of malicious emails purporting to be from big-brand companies like Target, Macy’s, Best Buy, and Evite.
We blogged about the different attack strategies that malicious authors have been using in their recent tax-themed spam emails yesterday. Today’s malicious emails go back to the fake AV strategy that we last saw two months ago, as we blogged here. All the malicious URLs associated in the emails above redirect to the same fake AV web site. Users are then prompted to run a malicious executable called "antivirus_24.exe" [MD5: 5be4b708a68687cb5490fe2caea49c82], currently detected by 11/42 AV engines.
Fake AV Site:
Adding to virus notification pop-ups in system trays, this “System Update” notification window appears to be the latest addition in their fake AV concoction.
Our real-time analytics proactively identify this threat, and with ThreatSeeker, we get feedback into our email products to block messages containing these URLs. Websense® Messaging and Websense Web Security customers are protected against this attack.