Links sent via email launch sophisticated and convincing phishing attack on Windows users, harvests users' email contacts
Computeractive has uncovered a sophisticated phishing attack that fools people into downloading malicious software by mimicking a genuine Microsoft Windows security alert.
A variation on rogue anti virus software, the email includes a link to a phishing website, which takes the victim to a fake website. The words "You are here because one of your friends have [sic] invited you here. Page loading, please wait..." is shown and a fake Microsoft startup screen loads.
A menu bar appears and says "Microsoft Security Alert 2012 has found critical process activity on your PC and will perform fast [sic] scan of systems files."
It then appears to the victim as if their computer is being scanned in real time. A Windows security alert menu will then pop up with ‘Remove All' or ‘Cancel'.
If the person clicks Remove All, a file called setup.exe is downloaded, which infects the PC with a Trojan that harvests people's email contacts.
A video of the attack has been put online by a Computeractive team member.
"This is a really nasty scam and very convincing. Although it didn't fool me even I was initially taken back by it when I saw it scanning," he said.
We have so far found two domains that are linked to the scam: thespiritglass and pacificrimisg.
Windows users should remember that Microsoft does not send out security alerts by email. Also most browsers and security software should alert people, but we do know that the scam is reasonably successful.
It is being spread via the links sent out in the emails and we are receiving a number of these phishing emails from readers who have been infected because we are in their address book.
We have sent the links to BitDefender and F-Secure for investigation to see if this Trojan is doing anything else and if it opens a back door for other malicious software.
Our advice if you have fallen victim to this scam is to close the web browser window or tab.
Then run a genuine full system scan using your security software and ensure all updates for Windows, the browsers and any third-party software you use are up to date.
Updating your subscription status