|
|
|
Links sent via email launch sophisticated and convincing phishing attack on Windows users, harvests users' email contacts
Computeractive has uncovered a sophisticated phishing attack that fools people into downloading malicious software by mimicking a genuine Microsoft Windows security alert.
A variation on rogue anti virus software, the email includes a link to a phishing website, which takes the victim to a fake website. The words "You are here because one of your friends have [sic] invited you here. Page loading, please wait..." is shown and a fake Microsoft startup screen loads.
A menu bar appears and says "Microsoft Security Alert 2012 has found critical process activity on your PC and will perform fast [sic] scan of systems files."
It then appears to the victim as if their computer is being scanned in real time. A Windows security alert menu will then pop up with ‘Remove All' or ‘Cancel'.
If the person clicks Remove All, a file called setup.exe is downloaded, which infects the PC with a Trojan that harvests people's email contacts.
A video of the attack has been put online by a Computeractive team member.
"This is a really nasty scam and very convincing. Although it didn't fool me even I was initially taken back by it when I saw it scanning," he said.
We have so far found two domains that are linked to the scam: thespiritglass and pacificrimisg.
Windows users should remember that Microsoft does not send out security alerts by email. Also most browsers and security software should alert people, but we do know that the scam is reasonably successful.
It is being spread via the links sent out in the emails and we are receiving a number of these phishing emails from readers who have been infected because we are in their address book.
We have sent the links to BitDefender and F-Secure for investigation to see if this Trojan is doing anything else and if it opens a back door for other malicious software.
Our advice if you have fallen victim to this scam is to close the web browser window or tab.
Then run a genuine full system scan using your security software and ensure all updates for Windows, the browsers and any third-party software you use are up to date.
Article tags
Related articles
Facebook is the perfect hunting ground for fraudsters. We take a look at ten of the most prevalent scams on the site
Beware of emails that contain unexplained links, even if they come from a friend's email address. They could lead you to unwittingly install malicious software
Thousands of Apple devices recently suffered a virus infection. We explain how software patches, antivirus scanning tools and more can keep your computer safe
Content Recommendation
Q.Why is Windows Backup skipping files?
Q.Why do my scanned documents display gibberish?
Q.How can I convert MTS files to edit in Windows Movie...
Updating your subscription status 
Stop the government spying on you
Bogus software alert
If you are caught by this it disables your own antivirus software so a full scan is impossible and you can't access the internet to find out any solution. It even disabled a PCTools solution action.
Posted by Len Johnson, 02 Apr 2012
Disabled Antivirus too!
We had this today and got advice from Microsoft as we use their Security Essentials. We had to use Remover tools for all Anti-virus programs we'd ever had on the PC, install Malwarebytes and do a full scan and remove, restart, then reinstall our own anti-virus. It all worked smoothly.
Posted by Sue Thompson, 05 Apr 2012