The campaign urges employees to download and install a so-called virus removal tool

Oct 11, 2011 11:59 GMT

Once again we are faced with a clever attempt by cybercriminals to spread malware to our computers, this time through an email that appears to originate from inside your organization.

Thanks to Graham Cluley, we learn that we might receive an email that appears to come from our firm's IT staff, alerting us that the company is suffering an infection and that we have to download a removal tool that will fix the issue.

The clever thing is that the link contained in the message, pointing to the removal tool, is crafted to look like it really comes from inside the building, but once it's clicked, it takes the victim to a third-party web location that serves a little something called Backdoor.Win32.Agent.aksn and its Trojan brother, Trojan.Inject.ql.

As in most cases, a good anti-virus and a bit of common sense can get you out of trouble.

After reading the first part of the email we can easily conclude that our IT staff is either from the Middle East or not very well educated.

“Just a quick alert to let everyone know that our company have experienced a new kind of virus to web space and personal computer. found that the computer system information leaked, such as in other server information is moving, a few files deleted,” reads the alert.

Finally, to make it look more legitimate, the victim is advised to back up the system databases and contact the IT staff if things are unclear.

It's very important that people who work in large companies know about this as they risk infecting the entire computer network if they install the miracle tool.

Remember never to trust messages coming from outside the firm, and even if they seem to be coming from the inside, double-check them before acting. Also, never open attachments contained in suspicious emails and make sure you have an updated security solution.