Cybercriminals impersonate popular security vendors, serve malware

Summary: Security researchers from Websense have intercepted a currently circulating spam campaign that impersonates popular antivirus vendors in an attempt to trick home and corporate users into downloading and executing a malicious attachment.



According to Websense, the campaign is low-volume and currently impersonates Symantec, F-Secure, Verisign and Sophos.

The malicious payload (MD5: ebb4ac5bb30b93e38a02683e3e7c98c6) is currently detected by only 3 of 42 antivirus scanners, under names such as Trojan.Agent/Gen-Banload and TROJ_GEN.R47H1HR.

Upon successful execution, the sample phones back to hxxp://bluemountain-ecards.net/images/loader.php (69.73.138.167), hxxp://asselegis.org.br/images/txt.txt (187.73.33.54) and hxxp://basketcoach.com/images/logos/Plugin.dll (94.23.235.157).
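The hash and the three phone-home URLs above are the indicators a defender can actually act on, especially while endpoint antivirus coverage is this thin. As an added example (not Websense's or the author's code), the following Python matches those indicators against a simplified proxy log and checks an attachment against the published MD5. The log format, the sample log lines, the client IPs and the timestamps are all constructed for the example.

```python
"""Hunt for the indicators published in this post in local telemetry.

Added example, not Websense's or the author's code. The log format is an
assumed, simplified proxy log:
    <timestamp> <client_ip> <dst_ip> <method> <url> <status>
"""
import hashlib
from urllib.parse import urlparse

# Indicators taken from the post. URLs are kept defanged ("hxxp") as published,
# mapped to the IP the post lists next to each one.
SAMPLE_MD5 = "ebb4ac5bb30b93e38a02683e3e7c98c6"
C2_URLS = {
    "hxxp://bluemountain-ecards.net/images/loader.php": "69.73.138.167",
    "hxxp://asselegis.org.br/images/txt.txt": "187.73.33.54",
    "hxxp://basketcoach.com/images/logos/Plugin.dll": "94.23.235.157",
}


def refang(url):
    """Turn a defanged hxxp:// URL back into a parseable http:// URL."""
    if url.lower().startswith("hxxp"):
        return "http" + url[4:]
    return url


# Derived lookup sets: exact (host, path) pairs, bare hostnames, and IPs.
C2_HOST_PATHS = {
    (urlparse(refang(u)).hostname.lower(), urlparse(refang(u)).path)
    for u in C2_URLS
}
C2_HOSTS = {host for host, _ in C2_HOST_PATHS}
C2_IPS = set(C2_URLS.values())


def match_indicators(line):
    """Return the indicators one proxy-log line hits, or [] for a clean line.

    Host, IP and full URL are checked independently: the sample may reach a
    C2 hostname whose DNS now points elsewhere, or the raw IP without the
    published hostname, and a subdomain of a C2 host is still suspicious.
    """
    fields = line.split()
    if len(fields) < 5:
        return []
    dst_ip, url = fields[2], fields[4]
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    reasons = []
    if dst_ip in C2_IPS:
        reasons.append("ip:" + dst_ip)
    if host in C2_HOSTS or any(host.endswith("." + h) for h in C2_HOSTS):
        reasons.append("host:" + host)
    if (host, parsed.path) in C2_HOST_PATHS:
        reasons.append("url:" + host + parsed.path)
    return reasons


def scan_proxy_log(text):
    """Return [(line_number, reasons)] for every line that hits an indicator."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        reasons = match_indicators(line)
        if reasons:
            hits.append((number, reasons))
    return hits


def check_attachment(data):
    """Hash attachment bytes and compare with the published MD5.

    Returns (hexdigest, matched). MD5 is used only because that is the hash
    the post publishes; it identifies this one sample, not repacked variants.
    """
    digest = hashlib.md5(data).hexdigest()
    return digest, digest == SAMPLE_MD5


# Constructed sample log (not real traffic); timestamps, client IPs and the
# non-indicator destinations are made up. Line 5 shows a subdomain of a C2
# host resolving to a different IP, which still hits on the hostname.
SAMPLE_PROXY_LOG = """\
2000-01-01T09:14:03Z 10.0.1.22 69.73.138.167 GET http://bluemountain-ecards.net/images/loader.php 200
2000-01-01T09:14:05Z 10.0.1.22 187.73.33.54 GET http://asselegis.org.br/images/txt.txt 200
2000-01-01T09:15:11Z 10.0.1.40 192.0.2.10 GET http://www.example.com/ 200
2000-01-01T09:16:40Z 10.0.1.22 94.23.235.157 GET http://basketcoach.com/images/logos/Plugin.dll 200
2000-01-01T09:17:02Z 10.0.1.60 203.0.113.9 GET http://www.basketcoach.com/images/logos/Plugin.dll 404
2000-01-01T09:18:30Z 10.0.1.51 198.51.100.7 GET http://cdn.example.net/update.bin 200
"""

if __name__ == "__main__":
    for number, reasons in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"line {number}: {', '.join(reasons)}")
    digest, matched = check_attachment(b"constructed attachment bytes")
    print(f"attachment md5={digest} matches published sample: {matched}")
```

Run it as-is to see the four hits in the constructed log; point `scan_proxy_log` at a real export once the field order matches. Matching the hostname and the IP separately matters because the two can drift apart after publication, and the MD5 check only catches this exact binary, so the network indicators are the more durable of the two.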

Users are advised not to interact with the emails and to report them as spam as soon as they come across them. Given how few antivirus engines currently detect the attachment, administrators should not rely on endpoint scanning alone and should consider blocking the domains and IP addresses listed above at the proxy or firewall.

Find out more about Dancho Danchev at his LinkedIn profile.


About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering and cybercrime incident response. He has been an active security blogger since 2007, and maintains a popular security blog sharing real-time threat intelligence data with the rest of the community.
