14 DAY TRIAL // The McAfee brand is used as an incentive in a mass mailing designed to spread Trojan-Dropper.MSWord.Lafool.v. The name of the Santa Clara security company is attached to a Word document called "McAfee Inc. Reports.doc" providing sufficient leverage to carry out a successful engineering scheme created to convince the potential victims to execute the malicious Word file.
The fact that the messages appear to have been originated by McAfee Europe, judging from the [email protected] address, builds a certain level of trust. The Moscow, Russia-based security outfit Kaspersky has intercepted the mass mailing and consequently issued a warning involving the Trojan-Dropper.MSWord.Lafool.v.
"This mass mailing is unusual as messages appear to be sent from [email protected] and allegedly originated from McAfee, an antivirus company. Kaspersky Lab believes that McAfee is in no way involved in the distribution of this Trojan and that the email address used in the messages ([email protected]) is faked and used in order to cause recipients to open infected messages," stated Kaspersky Lab.
Once on a compromised system, Lafool.v drops a new variant of a password stealing Trojan dubbed LdPinch. "LdPinch steals passwords to a number of services and applications, including AOL Instant Messenger and ICQ, and other confidential user data. Kaspersky Anti-Virus detects the new variant of this program as Trojan-PSW.Win32.LdPinch.bbg," added Kaspersky.