Re: Repeat email attachments from UPS and Fedex
- From: RayLopez99 <raylopez88@xxxxxxxxx>
- Date: Mon, 20 Jun 2011 14:52:40 -0700 (PDT)
On Jun 20, 11:34 pm, FromTheRafters <erra...@xxxxxxxxxxxxxxxxx> wrote:
RayLopez99 wrote:
On Jun 20, 5:11 pm, FromTheRafters<erra...@xxxxxxxxxxxxxxxxx> wrote:

I got one the other day supposedly from UPS--the tracking number was
too short and clearly fake. The Trojan was in a Zip file and
Microsoft Security Essentials caught it.
Don't know why there seems to be a push out to infect people.
RL

It's probably yet another Fake-AV (scareware/rogue security) trojan.
It looks to me like they are expanding on their delivery methods.

So are you saying that people put out fake trojans, that trigger AV
programs but really don't harm your PC?

No, there is a type of scareware that pretends to be a security program
(like a firewall, antimalware, antispyware, or antivirus) and most of
the ones I have seen pretend to be AV software that has found all sorts
of viruses and malware on your machine.
So, I'm just guessing that it is one of those.
It's not a virus or a worm, so it needs some way to get distributed. One
such way is to get a url spammed out that will lead the adventurous to
malware infestation. Other ways are by SEO poisoning or by redirects or
malvertizements.

Not that I'm going to find
out (I simply delete them), but that's a new idea. What would be the
purpose of these fake trojans (if they exist) other than perhaps
scaring people? Or is that the purpose?

Usually I encounter them by way of a script that makes a small browser
window that looks like a messagebox. Clicking on the red X is the same
as clicking the OK button and the script then runs a show for the user
to convince them that a scanner is finding all kinds of malware. Once
the user is offered a "Remove All" button (if you build it, they will
push) the script initiates a download (the trojan). When it is run, it
gives another show and expects the user to part with money in order to
fix the "problem".
The scripts themselves are sometimes heavily obfuscated, but can be
obtained from the browser's temp files (along with other related files).

OK thanks for that detailed response. I've seen this and know what
you are talking about.

BTW I like the feature in Chrome and Firefox of deleting your temp
files when you flush your browser cache--IE (latest version) still has
a problem doing this 100% it seems (always has) since for example if
you sign up in Live.com or Hotmail after flushing the cache in IE your
name still appears as logged on (persistent).

I don't like 'temp' files as you say, and in the past have deleted
stuff that looks temp, though I've stopped doing that since some
installation programs store the CDs or DVDs virtually in a sort of
temp folder for future use (though I use Daemon Lite now to install
all programs that are on DVD).
RL