Emails with 30-day trials of McAfee VirusScan Plus contain a trojan
July 28, 2010
MX Lab intercepted emails with the subject “McAfee VirusScan Plus” that contain a virus. The From address is in the format “xxx.be Member Services” <support@xxxxx.be>, but the real SMTP from address comes primarily from the domains rote-rose.com and rotary1918.com at the time of writing.
The body of the email:
Download a FREE 30-day Trial of MCAfee VirusScan Plus and Be Automaticaly Entered to Win
Installation file attached
The email contains the attachment setup.zip, which contains the 144 kB file setup.exe.
The trojan is known as Mal/Behav-321 (Sophos), TROJ_FAKEAV.SMXG (TrendMicro), W32/Trojan3.BWP (Authentium).
VirusTotal permalink and MD5: d3de1f75b8151c284ab04819994c0dc9.
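
A mail-filter check for the traits described above, as an added example that is not MX Lab's code: it flags a header From domain that differs from the envelope sender, an executable inside a .zip attachment, and the MD5 given in the post. It assumes the receiving MTA records the envelope sender in Return-Path; example.be, the bounce@ local part, the extension list and the inert sample payload are constructed for illustration.

```python
import email, hashlib, io, zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

KNOWN_MD5 = "d3de1f75b8151c284ab04819994c0dc9"  # setup.exe hash from the post
EXEC_EXT = (".exe", ".scr", ".pif", ".com")     # assumed extension list
MAX_UNPACKED = 10 * 1024 * 1024                 # do not hash oversized members

def domain(addr):  # lower-cased domain part of an address header value
    return parseaddr(str(addr))[1].rpartition("@")[2].lower()

def inspect(raw):
    """Return findings for one raw RFC 5322 message (bytes)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    hdr, env = domain(msg.get("From", "")), domain(msg.get("Return-Path", ""))
    if hdr and env and hdr != env:
        findings.append(f"from-mismatch:{hdr}!={env}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        try:
            zf = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True)))
        except zipfile.BadZipFile:
            findings.append(f"bad-zip:{name}")
            continue
        for info in zf.infolist():
            if not info.filename.lower().endswith(EXEC_EXT):
                continue
            findings.append(f"exe-in-zip:{name}/{info.filename}")
            # Skip encrypted or oversized members instead of unpacking them.
            if not info.flag_bits & 0x1 and info.file_size <= MAX_UNPACKED:
                if hashlib.md5(zf.read(info)).hexdigest() == KNOWN_MD5:
                    findings.append("known-md5")
    return findings

def build_sample():
    """Constructed message shaped like the one described; payload is inert."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("setup.exe", b"inert placeholder, not the real sample")
    msg = EmailMessage()
    msg["From"] = '"example.be Member Services" <support@example.be>'
    msg["Return-Path"] = "<bounce@rote-rose.com>"
    msg.set_content("Installation file attached")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="setup.zip")
    return msg.as_bytes()
```

The domain mismatch alone also fires on legitimate bulk mail sent through third-party services, so treat it as a scoring signal alongside the attachment findings rather than a verdict.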

Which version of the trial contains the virus sorry?
And do you have a list of sites that have the trojan infected one?
> Which version of the trial contains the virus sorry?
There is no trial attached to the email, it’s a trojan.
> And do you have a list of sites that have the trojan infected one?
No, this threat is email based.