Recently, our Honeypot system has detected a new campaign in which bad guys use bogus customer care emails of DHL, a world-famous express company, to spread FakeAV.

Content of the fake email

Still taking advantage of users’ curiosity and “greed”, hackers have sent out emails with attractive content to induce users to open the attached file. Once the file is opened, they have unconsciously “broken open the door” for FakeAV to infect their computer.

Upon infection, FakeAV “threatens” users with fake notifications

The virus (named W32.FakeDHL.Worm by Bkav) downloads FakeAV from a server located in Russia – where the use of computer virus to earn money is raging intensely:

Address to download FakeAV

Ransomware and FakeAV are known as the best at “making money” in malware’s world,  New variants are continually generated as well as upgraded  with new ways to spread. Therefore, while waiting for authorities to build up laws and take specific actions against these phishing forms, you are recommended to actively protect your own computer. Besides being vigilant towards attached files in emails, it’s advisable that you equip your computer with a licensed antivirus program to get regular updates and timely support from experts. Do not try to economize on the amount spent for a licensed software and then lose a much bigger sum of money for bad guys.

Pham Tuan Vu

Malware Researcher

Leave a Reply

Name (required)
Mail (hidden) (required)
Text to Identify

Popup Date Time Portlet

Blogs Aggregator

Recent Posts

Blog Category Portlet


Store Portlet


Vote Baby Portlet