Fake Microsoft Outlook Updates Spread Rogue AV


Posted by: Barracuda Labs

Yesterday, a Purewire employee received an email claiming to offer an update to his Microsoft Outlook configuration:

From: < redacted >
Date: Thursday, October 15, 2009 2:12 PM
To: < redacted >@purewire.com
Subject: Microsoft Outlook Notification for the < redacted >@purewire.com

You have (6) New Message from Outlook Microsoft

– Please re-configure your Microsoft Outlook Again.
– Download attached setup file and install.

The email was accompanied by a zip file that contained an executable with a business-looking smart phone icon.

 

Install Icon

Instead of a configuration update, the file was actually a malware downloader. When executed, it downloads and installs additional malicious software from the following URL:

hxxp://uvgadferbotario.com/X1j0uHc5Htr8Lw0i4Wv6Jz7Ha
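A mail-gateway check for the delivery method described above (an executable inside a zip attachment), added here as an example and not taken from the original post. The attachment name, member names and addresses in the sample message are constructed, and the payloads are inert stubs.

```python
import email
import io
import zipfile
from email.message import EmailMessage

# Extensions Windows will execute on double-click (non-exhaustive, chosen for this example).
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")

def executables_in_zip_attachments(raw_message: bytes):
    """Return (attachment, member, reason) for every executable inside a zip attachment."""
    hits = []
    for part in email.message_from_bytes(raw_message).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if not payload.startswith(b"PK"):          # zip magic, regardless of declared MIME type
            continue
        try:
            archive = zipfile.ZipFile(io.BytesIO(payload))
        except zipfile.BadZipFile:
            continue
        for info in archive.infolist():
            reasons = []
            if info.filename.lower().endswith(EXEC_EXTS):
                reasons.append("extension")
            if not info.flag_bits & 0x1:           # bit 0 set = encrypted member, cannot peek
                with archive.open(info) as fh:
                    if fh.read(2) == b"MZ":        # DOS/PE header, catches renamed executables
                        reasons.append("MZ header")
            if reasons:
                hits.append((part.get_filename(), info.filename, "+".join(reasons)))
    return hits

def build_sample_message() -> bytes:
    """Constructed test message; names and addresses are invented, payloads are inert stubs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("setup.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"plain text")
        zf.writestr("notes.pdf", b"MZ" + b"\x00" * 62)   # executable header behind a document name
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Microsoft Outlook Notification"
    msg.set_content("Download attached setup file and install.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="update.zip")
    return msg.as_bytes()
```

Encrypted zip members are judged on file name alone, since their contents cannot be read without the password.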

AV detections for the second-stage executable are poor. In this case, the second-stage malware is a brand of Rogue AV software called Antivirus Pro 2010; the screenshot shows examples of the different types of bogus alerts it generates.

 

Antivirus Pro 2010

This brand of fraudware is particularly aggressive; its tactics include the production of fake errors (about every 30 minutes) that require the user to either purchase the full version of the software or reboot their system.

Users of the PWSS are protected from this threat.
