F-Secure email faked, includes trojan

By on

Thousands of F-Secure users received a bogus email today that claims to be from an employee of the anti-virus vendor but instead contains a trojan.

The spam tells recipients there is something wrong with their website and asks them to click on a .zip link for a picture of the problem. Instead, the link triggers a new variant of the Breplibot worm, known as W32/Breplibot.ae.

"These emails were not sent from F-Secure's network, they were just spoofed to look like they were coming from an F-Secure address," the company said. "F-Secure has taken measures to inform network users about the attack, which has obviously been done to make F-Secure look bad."

The addresses used in the attacks include press@f-secure.com, info@f-secure.com and editor@f-secure.com.

The email reads: "Hello, I noticed whilst browsing your site that there were problems with some of your links, when I tried again with Internet Explorer the problems were not there so I assume that they were caused by me using the Mozilla browser. As more people are turning to alternative browsers now it may be of help for you to know this. I have enclosed a screen capture of the problem so your team can get it fixed if you deem it an issue. Kind regards, David Adams, Dept. Research, F-Secure Development."

F-Secure did not say how many users, if any, fell for the phishing scheme. The company also did not describe the trojan's payload.

Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?