Websense Security Labs are reporting a new spam campaign with emails that appear to come from legitimate concerns (Target, Macy’s, Best Buy, and Evite) but actually contain links to a rogue AV site.
AV coverage of the binary flagged by Websense has increased rapidly in the past few hours, but purveyors of rogue anti-malware are notoriously quick to swap binaries to evade AV detection. The emails are also likely to change over time, but it's worth reading Websense's comprehensive blog post about what they're seeing and what the rogue AV looks like when it executes, in order to get a flavour of the current attack and be better able to recognize variations on the same theme.
David Harley CITP FBCS CISSP
ESET Senior Research Fellow