Security vendor Sophos is warning of a major spam campaign designed to trick users into downloading fake anti-virus software.
In a blog post, Sophos senior technology consultant Graham Cluley explained that the unsolicited emails arrive with subject lines such as “You're invited to view my photos!”, “Appointment Confirmation”, or “Your Bell e-bill is ready”.
“Opening the attached HTML file, however, redirects your web browser to a hacked web site containing a malicious iFrame [which Sophos detects as Troj/Iframe-FK],” said Cluley.
“This, in turn, loads scripts from other web sites that load a fake anti-virus attack that Sophos detects as Mal/FakeAV-EI.”
This particular fake AV often disguises itself as a bogus version of McAfee VirusScan, warned Cluley.
“So, in this attack, the hackers are using a mixture of human gullibility, poorly protected web sites, and the tried-and-trusted trick of scaring users into believing that they have security problems on their PC to con them into downloading more dangerous software or handing over their credit card details,” he wrote.
Cyber criminals are increasingly turning to scareware of this kind to trick users into parting with their cash. In a new blog post, Symantec Hosted Services noted that fake AV had even infected one of the public-access, internet-connected PCs in an airport terminal.