This is how the latest malicious spam campaign evolves

Jul 10, 2007 14:29 GMT

Websense Security Labs discovered a new spam campaign that encourages users to install a fake patch to remove some viruses from their computers. Even if the systems are 100 percent clean, the email messages are titled "Virus Detected", "Trojan Alert", "Worm Alert" or "Worm Activity Detected". The security company believes the spammers are the same group that distributed unsolicited email messages on July 4th. However, this new spam campaign directs users to a dangerous website that checks whether their browser contains security flaws.

If the web browser is vulnerable to attacks, the page automatically installs an infected file on the user's computer. If not, a pop-up message appears and asks the user to manually download and install the file. "If your download does not start in approximately 15 seconds click here to download," the message says.

"Dear Customers, Our robot has detected an abnormal activity from your IP adress on sending e-mails. Probably it is connected with the last epidemic of a worm which does not have official patches at the moment. We recommed you to install this patch to remove worm files and stop email sending, otherwise your account will be blocked. Customer Support," the unsolicited email says.

As you can see, there are several spelling mistakes in the body of the email, which show that the message is not as official as it pretends to be. "Assuming users are running vulnerable browsers, several files will be downloaded and run on their machines and Trojan Horses will be installed. As in the July 4th greeting card attacks, there are several versions of the code that are being uploaded by the attackers in order to thwart detection," Websense mentioned in the security advisory.

As usual, you're advised to install a powerful antivirus solution and keep it up-to-date with the latest virus definitions.