The names of multiple security firms are used in this scheme

Aug 29, 2012 12:38 GMT

Some cleverly designed emails, purporting to originate from Symantec, have been seen doing the rounds in the past few days. They attempt to trick recipients into downloading a malicious removal tool.

Experts from Websense have analyzed these emails and determined that they seem to come from various spoofed email addresses.

Although this is currently only a low-volume campaign, the official-looking addresses combined with the well-designed notification could easily give it a high success rate.

Inside the body of the email there’s a message that reads “Scanning system.” Once this fake scan is complete, a warning notifies the victim that a piece of malware called W32.Swizzor.C-WORM is present on the computer.

The download link, which supposedly leads to an application that removes the threat, actually serves RemovalTool.exe.

A closer look at the app has revealed that it connects to a command and control server to download other malicious executable files.

We advise users to take a good look at the sample and avoid such emails as much as possible.