Following our blog entry on spam emails impersonating the FBI to distribute W32.FakeFBIVariantovLT.Trojan, we have discovered a new fraudulent software distribution scheme that uses spam email impersonating the New York State Police. The email, sent from an address at the domain nyc.gov, informs the recipient that he was speeding at 7:25 am on July 5. It then asks the recipient to print out the enclosed ticket and send it to the court if he wants to plead.
The recipient may not even have been in New York at the stated time. He still opens the attachment, either because he wants to plead or simply out of curiosity. Once extracted, the file appears with the icon of a PDF file, but it is actually a trojan. When run, this trojan connects to several addresses and downloads many other pieces of malware, which lowers the security level of the system.
One of the downloaded malware samples is detected by Bkav as W32.FakeHddRepair.Trojan.
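The PDF icon says nothing about the file's real type, so a mail filter should look at the content of each archive member. The following is an added example, not code from Bkav or from the original post: it assumes the attachment is a ZIP archive, and the file names, the extension list and the inert sample built in `sample_zip` are constructed for illustration.

```python
import io
import struct
import zipfile

# Extensions a lure pretends to be (assumption made for this example).
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg"}


def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def scan_attachment(zip_bytes: bytes) -> list:
    """Return (member, reason) for every Windows executable inside the archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(4096)
            if not is_pe(head):
                continue
            # Judge by content, not by the icon or name shown to the user.
            exts = info.filename.lower().rsplit("/", 1)[-1].split(".")[1:]
            if exts and exts[-1] in DOCUMENT_EXTS:
                reason = "PE content under a document extension"
            elif len(exts) > 1 and exts[-2] in DOCUMENT_EXTS:
                reason = "PE behind a double extension"
            else:
                reason = "PE executable in a mail attachment"
            findings.append((info.filename, reason))
    return findings


def sample_zip() -> bytes:
    """Constructed sample: an inert PE-shaped stub and a genuine PDF header."""
    stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 20
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Ticket.exe", stub)
        zf.writestr("Ticket.pdf.exe", stub)
        zf.writestr("notes.pdf", b"%PDF-1.4\n%%EOF\n")
    return buf.getvalue()
```

A gateway or mailbox rule can quarantine any message for which `scan_attachment` returns a finding, since a traffic ticket has no reason to arrive as a Windows executable.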
Like FakeFBIVariantovLT.Trojan, FakeHddRepair.Trojan constantly displays notifications of hard drive errors:
The fake HDD Repair program interface then appears, runs a scan and reports hard drive errors. Users are told that they need to activate the software to fix these errors.
This fraud scenario is quite familiar: warn users of nonexistent serious system errors, offer a program interface to fix them, and then require users to pay for a license for the software. When there is important data on their computers, many people will agree to pay to “recover” that data. However, for the most effective and comprehensive protection, users are recommended to use licensed antivirus software with regular virus definition updates.
Nguyen Hung Phu