Anti-Virus or Pro-Virus?

A new spammed email has been seen in the internet and disguises as a security related email from an Anti-Virus company.


It bears the subject, “Seu computador esta infectado com o virusWorm.267”, which is equivalent to “Its computer is infected with virusWorm.267.” in English. The sender’s address was spoofed to make the email look legitimate. It also references official logos and images from the affected company’s resource server but the sample email below wasn’t able to retrieve the images so it was not displayed properly.


The email is in Portuguese language and uses social engineering technique to convince the recipient to click, download, and execute the malware being pointed to by the embedded malicious link. The malicious link is embedded in a clickable image as seen in the encircled part of the email sample below.



Click to Enlarge


The system of the Symantec Security Check is with the new software of security for the sites and data base of the Windows, also detecting dangerous imperfections that can cause errors in the system. We inform that the updates for the imperfections already are disponiveis for download.

Security
Verifying…
Its computer is infectado with the Worm@bda.267 virus that not only attacks its computer as of all of its list of e-mails, it is protected already, it is easy is enough to clicar in start and to execute download.

To effect the Verificao Click in Start and later Opening.


English Translation courtesy of Babel Fish Translation


The malware being pointed to by the malicious link has been analyzed and given the detection name TSPY_BANKER.BAY.