Virus Infection Warning Scam - Bogus Emails Point to Trojan
Email warns recipients that their computers are infected with the Netsky.b worm and advises them to download an update via a link provided (Full commentary below
(Collected online, 2004)
Subject: Attention! Your computer has been infected!
Your computer has been infected with a virus Netsky.b.
In order to avoid losing valuable information we suggest you
to urgently download an update from this link:
Technical assistance of Antivirus Company.
To add a veneer of legitimacy, these scam emails use the name of a real virus, Netsky.b, and the links provided point to legitimate anti-virus companies, including McAfee and Panda AntiVirus.
The emails are very similar in style to those used in the Bank Withdrawal Notification Scam
and, in fact, point to the same trojan. The scammers are obviously intent on infecting as many computers as possible with this trojan and are therefore using at least two types of bogus email message to achieve their aims.
Those who click on the link in the bogus email may inadvertently download a trojan that will automatically be executed on their computer. This trojan is configured to log keystrokes that are entered into specific websites and email the information to the scammers. When a window that contains certain specified title phrases is opened, the key logger begins recording any information that is entered. This information could be passwords, account numbers, and other personal information. The specified title phrases are associated with a number of major financial institutions both in Australia and elsewhere in the world.
Write-up by Brett M. Christensen