Danger! Fake $50 iTunes certificate carries malware
May 10, 2010 by admin
Filed under Security News
Amid all the usual attacks posing as delivery notices from DHL and FedEx this morning, I spotted some malware that had been spammed out posing as an Apple iTunes certificate for $50.

The emails read as follows:
Subject: Thank you for buying iTunes Gift Certificate!
From: "iTunes Online Store" <software@itunes.com>
Attached file: iTunes_certificate_997.zip
Hello!
You have received an iTunes Gift Certificate in the amount of $50.00
You can find your certificate code in attachment below.
Then you need to open iTunes. Once you verify your account, $50.00 will be credited to your account, so you can start buying music, games, video right away.
iTunes Store.
Running the attached malware can infect Windows computers. Clearly the hackers are hoping that, in your excitement about receiving a $50 iTunes gift certificate, you will throw caution to the wind and open the attachment.
Sophos detects the malware, contained inside a ZIP file, as Troj/BredoZp-AM and Mal/FakeAV-BW.
By Graham Cluley, Sophos
Removal tool for Mal/FakeAV-BW, Generic FakeAlert!hr, Packed.Win32.Krap.an (winupdate.exe, exec.exe, ppal.exe, MSe5ad.exe) Malware
May 9, 2010 by admin
Filed under Removal Tips,Tools and Videos

Scareware hackers exploit McAfee false positive problem
April 23, 2010 by admin
Filed under Security News
Hackers are exploiting a problem with McAfee’s anti-virus product that has caused hundreds of thousands of computers around the world to repeatedly reboot themselves.
The New York Times (and many other news outlets) have reported on the problems businesses suffered after a detection update issued by McAfee yesterday caused its anti-virus product to mistakenly detect a harmless Windows file, svchost.exe, as “W32/Wecorl.a” and caused computers to become inoperable.
To its credit, McAfee is discussing the problem on its online community forum, has apologised, withdrawn the buggy update, and advised customers on how to manually fix the affected computers.
But what might be making McAfee’s job of getting reliable information about the false positive problem out to the masses that much harder is that malicious hackers are exploiting the situation.
By using blackhat SEO techniques, cybercriminals have managed to get poisoned webpages high in the search rankings if you hunt for information on the McAfee false positive.

If you click on a dangerous link like this then you risk your computer being hit by a fake anti-virus attack (also known as scareware) which may attempt to con you out of your credit card details or trick you into installing malicious code onto your computer.
Sophos detects the malware proactively as Mal/FakeAV-BW.
That is the last thing you want to happen if you’re searching for advice on how to fix a problem with the other computers in your company.
And it’s not just McAfee’s false alarm problem that these hackers are exploiting. Looking a little deeper at the poisoned domains allows us to view a cache of hundreds of other pages that this gang has created around a wide range of topics.

Be careful out there, folks.
* Image source: peasap’s Flickr photostream (Creative Commons)
By Graham Cluley, Sophos
Removal tool for Suspect-1B!E4800A5BF6F6, Mal/FakeAV-BW (ave.exe) Malware
March 18, 2010 by admin
Filed under Removal Tips,Tools and Videos

Facebook Password Reset Confirmation emails carry malware
March 18, 2010 by admin
Filed under Security News
Today I received a Facebook Password Reset Confirmation email with subject:
"The Facebook Team" <service@facebook.com>

It tells me my Facebook password was changed for safety reasons, and they want me to download the attached document to see the new password. The attachment (Facebook_document_145.zip) contains a virus called:
- Mal/FakeAV-BW [Sophos]
- Suspect-1B!E4800A5BF6F6 [McAfee]
- Not Detected [Kaspersky Lab]
- Not Detected [Microsoft]
It's an EXE file with a DOC icon.
Be careful with these kinds of emails and don’t run any attachments that you don’t trust.
To download the removal tool: (Click Here)













