Spam e-mail that contain links to malware bearing viruses and Trojans are on the increase, particularly those disguised as legitimate software, security vendors warn.
One common ruse involves the circulation of fake copies of popular software, which infects users' systems upon installation. In a statement Wednesday, Symantec pointed to the example of a "very high profile attack" involving fake versions of Microsoft browser, Internet Explorer 7.
Adobe also recently issued a warning that fake copies of its Flash plugin had been circulated via fake news video pages that prompt users to download the malware.
Ironically, another IT security company Sophos, noted that Symantec itself fell victim to such hoaxes.
Graham Cluley, senior technology consultant at Sophos, warned users of a Trojan horse circulating as a free copy of competing Symantec's Norton AntiVirus 2008 product.
Cluley said in a blog post that users running a search for the string "free antivirus" would be directed, via Google's advertisements, to a "professional-looking Web site" claiming to offer antivirus software for download.
The software offered is infected with a Trojan horse, called Troj/FakeAV-AD, which presents false security alerts and prompts users to divulge their credit card details to purchase a "full version" of the software.
Cluley said in a video posted on his blog that the yellow-themed fake site is made to mimic Symantec's own site in appearance. "This [site] seems to be going to considerable lengths to present itself as a legitimate product," he said.
According to Symantec, there has been an overall rise in spam that points to malicious software, compared to traditional spam that carry merely promotional or marketing product information.
The security vendor said the number of e-mail directing users to malware increased by 9 percent last month, accounting for 27 percent of all spam.
Overall spam levels remained constant in August, where 80 percent of e-mail were spam messages, Symantec said.
Play video
There are currently no comments for this post.