This morning we detected another spam campaign that aims to entice users into downloading and executing a file they believe is a 6-month trial of a product called “Anti-Virus Nero Advanced Pro 2009”. On further analysis, the file is actually a variation of the rogue antivirus application known as AV XP 2008, which has been seen in earlier attacks this month.
Looking at this further, it appears that the same group behind the attacks that delivered the fake CNN Alerts and MSNBC alerts could also have been behind this latest round. Over the last couple of weeks, a large number of emails have been sent that in one way or another installed AV XP 2008 (i.e. the fake I.E. Update, some of the CNN alerts, celebrity videos).
File size: 194560 bytes