X-Labs
August 6, 2010

You have Rogue Mail!

Forcepoint

Websense Security Labs™ ThreatSeeker™ Network has detected thousands of malicious emails purporting to be from big-brand companies like Target, Macy’s, Best Buy, and Evite.

[Screenshot: sample malicious emails]

Yesterday we blogged about the different attack strategies that malicious authors have been using in their recent tax-themed spam emails. Today’s malicious emails go back to the fake AV strategy that we last saw two months ago, as we blogged here. All the malicious URLs in the emails above redirect to the same fake AV web site. Users are then prompted to run a malicious executable called "antivirus_24.exe" [MD5: 5be4b708a68687cb5490fe2caea49c82], currently detected by 11/42 AV engines.
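As an added example (not part of the original post, and not Websense or Forcepoint code), the Python script below shows how a mail gateway or SOC analyst could triage messages from a campaign like this one: it flags a From: display name that claims one of the impersonated brands while the sender domain is not on an assumed allow-list for that brand, extracts the URLs from the body, and compares a downloaded file's MD5 against the hash reported above. The brand-to-domain allow-list, the sample messages and the URLs in them are constructed assumptions, not data from the campaign.

```python
"""Triage helpers for brand-impersonation spam that drops a fake AV executable.

Assumptions (not from the post): the brand-to-domain allow-list, the sample
messages and the URLs inside them are constructed for illustration.
"""
import hashlib
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

# IoC taken from the post: MD5 of the dropped executable "antivirus_24.exe".
KNOWN_BAD_MD5 = {
    "5be4b708a68687cb5490fe2caea49c82": "antivirus_24.exe (fake AV dropper)",
}

# Brands named in the post, mapped to the sender domains legitimate mail is
# expected from. Hypothetical allow-list; tune it to what your gateway sees.
BRAND_DOMAINS = {
    "target": {"target.com"},
    "macy's": {"macys.com"},
    "macys": {"macys.com"},
    "best buy": {"bestbuy.com"},
    "evite": {"evite.com"},
}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def md5_hex(data: bytes) -> str:
    """Hex MD5 of a byte string, in the same format the post reports."""
    return hashlib.md5(data).hexdigest()


def is_known_bad(digest: str) -> bool:
    """True when a file hash matches a known IoC (case-insensitive)."""
    return digest.lower() in KNOWN_BAD_MD5


def impersonated_brand(msg: Message):
    """Return the brand the message claims to come from when the From: domain
    is not one expected for that brand; None when nothing looks spoofed."""
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    haystack = f"{display} {msg.get('Subject', '')}".lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in haystack and domain not in domains:
            return brand
    return None


def extract_urls(msg: Message) -> list:
    """Collect http(s) URLs from every text part of the message."""
    urls = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True) or b""
            urls.extend(URL_RE.findall(payload.decode("utf-8", "replace")))
    return urls


def triage(raw: str) -> dict:
    """Parse one RFC 822 message and return the findings a reviewer needs."""
    msg = message_from_string(raw)
    brand = impersonated_brand(msg)
    urls = extract_urls(msg)
    # Direct links to executables are the final step of this campaign.
    exe_links = [u for u in urls if u.lower().rstrip("/").endswith(".exe")]
    return {
        "impersonated_brand": brand,
        "urls": urls,
        "exe_links": exe_links,
        "suspicious": brand is not None or bool(exe_links),
    }


# Constructed samples; not real messages from the campaign.
SAMPLE_SPAM = """From: "Target Customer Service" <offers@mailer.example>
To: user@corp.example
Subject: Your Target order confirmation
Content-Type: text/plain

Please confirm your order: http://promo.example/order/confirm?id=12345
"""

SAMPLE_LEGIT = """From: "Evite" <noreply@evite.com>
To: user@corp.example
Subject: You're invited
Content-Type: text/plain

See the details at https://www.evite.com/event/abc
"""

if __name__ == "__main__":
    for raw in (SAMPLE_SPAM, SAMPLE_LEGIT):
        print(triage(raw))
```

The display-name check is deliberately simple (a substring match), so a brand name that also appears as an ordinary word will produce false positives; in practice the allow-list check is combined with SPF/DKIM results from the gateway, and the extracted URLs are fed to the URL reputation service rather than judged by the script itself.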

Payload:

[Screenshot: antivirus_24.exe payload]

Fake AV Site:

[Screenshot: fake AV web site]

In addition to the virus-notification pop-ups in the system tray, this “System Update” notification window appears to be the latest addition to their fake AV concoction.

[Screenshot: “System Update” notification window]

Our real-time analytics proactively identify this threat, and ThreatSeeker feeds the malicious URLs back into our email products so that messages containing them are blocked. Websense® Messaging and Websense Web Security customers are protected against this attack.
