1

Rogue Antispyware Distributed via Spammed E-mails

PC Tools just came across to spammed email that contains a FakeAV sample as a file attachment. The email disguises itself as a postcard received from a family member but is actually an installer of RogueAntiSpyware.XPAntispyware2010 that could do extreme damage to your computer.

The email contains the subject: You’ve received a postcard

And the message body arrives as follows:

Good day.

Your family member has sent you an ecard. If you wish to keep the ecard longer, you may save it on your computer or take a print.To view your ecard, open zip attached file.

It appears that this technique used in distributing this rougue program has been proven effective before as few weeks ago, we’ve spotted another sample file of this fake application being spammed. The email seems to contain an invoice copy coming from United Parcel Service of America and instructs user to open the attachment,invoice.exe, which leads to the installation of RogueAntiSpyware.XPAntispyware2010.

Below is the details of the e-mail:
Subject

UPS Delivery Problem Number 3512

Attachment
invoice.zip

Message Body

Dear customer!Unfortunately we were not able to deliver the postal package which was sent on the 20th of February in time because the addressee’s address is incorrect.Please print out the invoice copy attached and collect the package at our office.United Parcel Service of America.

After executing the file attachement, it will display fake scan and results. Similar to the behavior of other rogue applications, it display several annoying pop-ups and alerts and urges user to buy the program in order to delete the imaginary threats!

As always, PC tools advises PC users to ignore these false alert messages and do not fall into this trick. Regularly update to the latest database via smart update in order to remove this unwanted program as well as the files associated with it.

This entry was posted in Spam. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>