Emails with 30-day trials of McAfee VirusScan Plus contains trojan

Bookmark and Share

An emails with the subject "McAfee VirusScan Plus" that contains a virus was intercepted  by Ax3soft. The fake sender address is in the format “xxx.be Member Services” <support@xxxxx.be> but the real SMTP sender address comes primary from the domains rote-rose.com and rotary1918.com at this time of writing.

The body of the email:

Download a FREE 30-day Trial of MCAfee VirusScan Plus and Be Automaticaly Entered to Win

Installation file attached

The email contains the attachment setup.zip that contains the 144 kB large file setup.exe.

The trojan is known as Mal/Behav-321 (Sophos), TROJ_FAKEAV.SMXG (TrendMicro), W32/Trojan3.BWP (Authentium).

How-to's

1. Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start. visit http://www.ids-sax2.com/Malwarebytes-Anti-Malware.htm and download Malwarebytes' Anti-Malware to help you.

2. We have added some new policies of Ax3soft Sax2 to detect the Trojan, please update the policy basic knowledge of Sax2  in time.

For more information, please visit  http://www.ids-sax2.com/ComputerSecurityNewsletter.htm