MoMusings

Random ramblings and musings about all things malware and related net-nasties...

Monday, 9 July 2007

Fake Malware Alert E-mails

It seems that the so-called 'Storm-Worm Gang' has decided to change their social engineering approach again. Originally they used fake [and real] news items to get potential victims to infect their computers; they then moved on to 'fake e-card notifications' [which I've blogged about several times over the last week or so]. They have now decided to try a new approach [for them anyway]: warning e-mails that claim your computer is infected with a virus, worm or trojan.

This is what they tend to look like at the time of writing this:

'Virus' Variant Screen Shot:


'Worm' Variant Screen Shot:


As you can hopefully see, these e-mails do not have any attachments; instead they include a link to where the fake 'patch' is hosted. The 'patch' is not a patch at all, but malware. At the time of writing the malware hosted was a new variant of Tibs, however this will almost certainly be changed over the next week, at least once and maybe more often. This enables the 'Bad Guys and Girls' to evade [or try to evade] any anti-malware defences that you may have in place.

So far I've seen the following subject lines used:

  • Alert!
  • ATTN!
  • Trojan Detected!
  • Virus Activity Detected!
  • Virus Alert!
  • Virus Detected!
  • Warning!
  • Worm Activity Detected!
  • Worm Alert!
  • Worm Detected!

And they have used the following 'From' names [along with random e-mail addresses]:

  • Abuse Team Robot
  • Administrator
  • Customer Support
  • Customer Support Center
  • Mailer-Deamon
  • Postmaster

Expect these e-mails to mutate over the next week or so before the 'Storm-Worm Gang' change tack once more.
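As an added example (not part of the original post), here is a small Python triage filter that scores raw messages against the traits described above: the listed subject lines and 'From' display names, a body link to a supposed 'patch', and the absence of an attachment. The sample messages, the hostnames and the three-of-four threshold are constructed for illustration and are assumptions, not values from the post.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Traits taken from the post: subject lines and 'From' display names seen in the
# campaign (spelling as recorded there), a 'patch' link in the body, no attachment.
SUBJECTS = {"alert!", "attn!", "trojan detected!", "virus activity detected!",
            "virus alert!", "virus detected!", "warning!",
            "worm activity detected!", "worm alert!", "worm detected!"}
FROM_NAMES = {"abuse team robot", "administrator", "customer support",
              "customer support center", "mailer-deamon", "postmaster"}
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
THRESHOLD = 3  # assumed: three of the four traits is enough to quarantine

def score_message(raw: str) -> dict:
    """Parse one raw RFC 822 message and report which campaign traits it shows."""
    msg = message_from_string(raw, policy=policy.default)
    subject = (msg.get("Subject") or "").strip().lower()
    from_name = parseaddr(msg.get("From") or "")[0].strip().lower()
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    has_attachment = any(part.get_filename() for part in msg.walk())
    traits = {
        "subject": subject in SUBJECTS,
        "from_name": from_name in FROM_NAMES,
        "patch_link": bool(URL_RE.search(text)) and "patch" in text.lower(),
        "no_attachment": not has_attachment,
    }
    score = sum(traits.values())
    return {**traits, "score": score, "flagged": score >= THRESHOLD}

# Constructed sample messages (not real captures); hosts use the reserved
# .invalid TLD so nothing here points at a live site.
FAKE_ALERT = """\
From: Customer Support <noreply@mail.example.invalid>
Subject: Worm Detected!
Content-Type: text/plain; charset="us-ascii"

Dear user, worm activity was detected on your computer.
Download and run the patch: http://patch-host.example.invalid/patch.exe
"""
BENIGN = """\
From: Alice <alice@example.invalid>
Subject: Meeting notes
Content-Type: text/plain; charset="us-ascii"

Notes from today are at http://wiki.example.invalid/notes
"""
```

Running `score_message` over a mailbox and quarantining anything flagged gives a first-pass filter; the threshold keeps a legitimate "Postmaster" bounce with no link from being caught.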


1 Comment:

At 11 July 2007 14:48 , Anonymous Anonymous said...

I've just received the following reply to one of these fake malware alert e-mails that had spoofed one of my domains:

"couldn't download patch. What should I do?"

Now, do I reply and try and explain that there is no patch, the patch is fake, it is malware?

Maybe I should just point them to this blog entry?
