Security researchers from Sophos warn that a flurry of emails with HTML attachments and random subjects are directing users to scareware websites.It's pretty difficult to describe these rogue emails because there is a lot of randomization involved in generating them.
"
The email address that the malware is sent from changes each time, the subjects appear to be pretty randomly chosen - even the attached filename has a random component," Graham Cluley, a senior technology consultant at Sophos,
notes.
The only common characteristics are that they don't have body messages and the last part of the attachment's name – *_inv.html, where * is a random sequence of five digits.
Some of the subjects observed so far, but not a complete list, are: "Cinema agreement", "equipment list", "This weeks invoice", "demands for payment", "your report", "Please sign and send back to me asap" or "Consultation Appointment".
Unlike a
similar campaign, which used news headlines as subjects and hit people's inboxes last week, there is no obvious pattern in this one.
Users who download and open the HTML attachments in their browsers are taken through a series of redirects until they land on a scareware page.
This website displays fake antivirus scans and claims that malware was found on their computers. It then offers a rogue antivirus program for download, suggesting that it is capable of removing the infections.
Once installed, this application displays more bogus security warnings and asks victims to buy a license key. People who fall for the trick end up paying money for a useless product and compromise their credit card details in the process.
There are free programs like
Malwarebytes' Anti-Malware or
SUPERAntiSpyware, which specialize in removing such threats.
However, if these don't work, you can try a full-fledged antivirus product from one of the leading vendors. All of them offer trial versions that are fully functional for 30 days.
Find us on Google+
