Fake virus phishing scam targets McAfee

The phishing scam was discovered by rival anti-virus form F-Secure, which published the information on its Web site and said it had warned McAfee about the e-mail.

According to Mikko Hyppönen, chief research officer at F-Secure, the e-mail links to a fake McAfee Web site hosted in Canada.

"The download link gets you a file called ak26xrw-patch-installer-win32.exe - which (surprise, surprise!) is infected with [a Trojan] called Trojan-Downloader.Win32.Hanlo.h. We have warned our colleagues at McAfee about the fake site," wrote Hyppönen in his blog.

Allan Bell, marketing director at McAfee Asia Pacific, told ZDNet Australia  that he is not surprised that the company has been targeted by phishers.

"It is not surprising given the number of places that get targeted by phishing attacks. There are quite a few hoaxes that warn you about viruses that don't exist or tell you to delete files that could damage your computer. In that respect it is not unusual," said Bell.

According to Bell, users should be cautious when dealing with such e-mails, especially because McAfee does send out virus alerts in this way. However, he pointed out that in this particular attack, the phishers have not correctly spoofed an e-mail address used by McAfee's various virus alert services.

Bell said that e-mails from McAfee's alert services for enterprise customers come from AVERT_Advisory@avertlabs.com and subscriptions@mcafee.com for consumers. However, it is possible that these e-mail addresses could also be spoofed.

Fake security alerts have often been used by virus writers and spammers to trick users into opening attachments or clicking on malicious links. Around two years ago the Swen virus caused havoc after it was sent out disguised as a critical patch from Microsoft.