Multiple antivirus vendors warn of a new spam campaign, which attempts to infect users with malware by passing the malicious attachments as a free trial of the McAfee VirusScan Plus security product. The rogue emails claims that users who install the file are automatically signed up for a contest.
"
Overnight our spam traps intercepted a wave of malicious emails claiming to be a free 30 day trial of McAfee VirusScan," Graham Cluley, senior technology consultant at Sophos,
warns. VirusScan is the old name of McAfee's line of antivirus products, which is now simply called McAfee Antivirus.
The spam emails come with a subject of "
McAfee VirusScan Plus" and read: "
Download a FREE 30-day Trial of MCAfee VirusScan Plus and Be Automaticaly Entered to Win". However, even though the bogus instructions say "download" the user is informed that there's an "
Installation file attached".
The attachment is obviously malicious and McAfee, which also detected the attack, says is a new Bredolab variant. Bredolab is a computer trojan that is constantly used as distribution platform for scareware. That is probably the reason why Sophos detects this threat as Mal/FakeAV-EI, a program from the fake antivirus family of malware.
"
If you are suspicious of misspellings in emails, you might have noticed that both 'MCAfee' and 'Automaticaly' are not correct. Another point is the attachment–we don’t send setup files for our products as email attachments!" Pedro Bueno, malware research scientist at McAfee,
writes on the company's blog.
The practice of abusing the brand names of security vendors or services is not new. Earlier this year we reported about a scareware distribution campaign in which scammers tried to capitalize on the popularity of VirusTotal, a multi-antivirus-engine online file scanning service. Other rogue applications have imitated the graphical user interfaces of well known security products in order to trick users.
The latest trial version of McAfee VirusScan can be downloaded from
here.
You can follow the editor on Twitter @lconstantin
Find us on Google+
No user comments yet.
Be the first to express your opinion!
