Malware targets corp accounts with faux warning


A new malware is targeting office employees with a fake warning telling the victims to install a fake anti-virus program.

Computer security firm Sophos said the malware’s come-on is an email supposedly from the IT department, claiming a virus is on the loose inside the company.

In broken English, the message claims that an anti-virus program should be downloaded and installed, and provides a link for it.

“Although the link appears to the naked eye to point to a file called antivirus.exe on your company’s own server (for instance, if your company’s website was called example.com it would appear to link to www.example.com/download/antivirus.exe) it really directs your browser to a download on a third-party website,” Sophos said in its blog.

With such techniques, Sophos said the user can be tricked into believing he or she is downloading an approved anti-virus update from his or her company’s IT department – “but you are really fooled into installing a Trojan horse.”

It added the email had been spammed to a number of large companies, but did not elaborate.

Sophos said its anti-virus products detect the malware as Mal/Generic-L and Troj/Inject-QL. — TJD, GMA News

Article source: http://www.gmanews.tv/story/235134/technology/malware-targets-corp-accounts-with-faux-warning

View full post on National Cyber Security » Virus/Malware/Worms

Leave a Reply