Abnormal Activity From Your IP Alert Email
Email, purporting to be from the "Abuse Team", claims that abnormal activity has been detected from the recipient's IP address and recommends that a patch be installed (Full commentary below).
(Received, July 2007)
Subject: Virus Alert!
Our robot has detected an abnormal activity from your IP adress
on sending e-mails. Probably it is connected with the last epidemic
of a worm which does not have official patches at the moment.
We recommend you to install this patch to remove worm files
and stop email sending, otherwise your account will be blocked.
In the wake of recent 4th July and Postcard from a Family Member bogus eCard attacks, malware distributors have returned to a tactic that they used back in April 2007.
Inboxes are currently being hit by "alert" messages that claim that a scanning robot has detected abnormal activity from the recipient's IP address and suggest that the activity is related to a recent email worm "epidemic". The message instructs recipients to click a link to install a patch that will supposedly remove worm files. It warns that the recipient's account may be blocked if the patch is not installed.
However, clicking on the link will lead to a malicious website that will download and install a trojan on the user's computer. Once installed, the trojan may try to connect to the Internet and download other malware components. The link to the supposed patch is disguised using HTML so that it forms a clickable part of the message.
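A mail filter can surface this kind of HTML-disguised link by comparing each anchor's visible text with its real target. The following is an added example, not part of the original write-up: the function names, the lure-word list and the sample message body (which uses reserved documentation addresses) are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

LURE_WORDS = ("patch", "install", "update")  # assumed list, drawn from the alert's wording
URL_IN_TEXT = re.compile(r"(?:https?://|www\.)[^\s<>]+", re.I)
# Constructed sample body: two disguised links and one honest link.
SAMPLE = (
    '<p>We recommend you to <a href="http://203.0.113.7/patch.exe">install this patch</a></p>'
    '<p>Details: <a href="http://files.invalid/fix">www.isp.example/support</a></p>'
    '<p><a href="http://www.isp.example/help">www.isp.example/help</a></p>'
)

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def host_of(url):
    """Lower-cased host of a URL, tolerating scheme-less text such as www.isp.example."""
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def disguised_links(html_body):
    """Return (href, text, reason) for anchors whose text hides or misstates the target."""
    parser = AnchorCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        if not href.lower().startswith(("http://", "https://")):
            continue  # only web links are of interest here
        shown = URL_IN_TEXT.search(text)
        if shown and host_of(shown.group()) != host_of(href):
            findings.append((href, text, "text shows a different host"))
        elif not shown and any(w in text.lower() for w in LURE_WORDS):
            findings.append((href, text, "lure wording hides the target"))
    return findings
```

Calling `disguised_links(SAMPLE)` flags the first two anchors and leaves the third, whose text and target agree, alone.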
To a user unaware of such tactics, this bogus virus warning email may seem like a legitimate message sent by his or her Internet Service Provider (ISP). Confronted with the news that his or her computer may be infected, the user may rapidly click the link in the message without due caution.
Users should be extremely cautious of any message that instructs them to install a security update either by following a link or opening an attachment. The fake security patch ruse has been used a number of times in the past to distribute worms and other malware. ISPs and software companies are very unlikely to distribute a security patch via email. Always install updates by using the software vendor's official update procedure.
F-Secure: Fake alert emails
Fake 4th Of July eCards Point to Trojan
Postcard From a Family Member Malware Email
Customer Support Center Robot Worm Email
Last updated: 10th July 2007
First published: 10th July 2007
Write-up by Brett M. Christensen