Fake F-Secure e-mail contains malware

A Trojan horse has been sent to e-mail addresses disguised as a message from antivirus software vendor F-Secure in Helsinki, Finland, the company said in a statement.

F-Secure said that an unknown attacker sent out thousands of infected e-mails crafted so that they appear to be from a nonexistent F-Secure employee, "David Adams, Dept. Research, F-Secure Development."

The addresses used in the attack include press@f-secure.com, info@f-secure.com and editor@f-secure.com, F-Secure said. The e-mails were not sent from the company's network but were spoofed to look like they were coming from an F-Secure address, the company said.

The e-mails contain a new variant of the Breplibot worm, which F-Secure Anti-Virus detects as W32/Breplibot.ae.

F-Secure said it has taken measures to inform network users about the attack.

According to F-Secure, the e-mails look like this:

From: Mr D Adams < david.adams @ f-secure.com >

Subject: Website Browsing Problem

Hello,

I noticed whilst browsing your site that there were problems with some of your links, when I tried again with Internet Explorer the problems were not there so I assume that they were caused by me using the Mozilla browser.

As more people are turning to alternative browsers now it may be of help for you to know this. I have enclosed a screen capture of the problem so your team can get it fixed if you deem it an issue.

Kind regards,

David Adams

Dept. Research

F-Secure Development

Analysts at antivirus software company Sophos also warned of the Trojan horse spam.

"The Troj/Stinx-U Trojan horse has been seen attached to e-mail messages pretending to come from Helsinki-based F-Secure, and can have a subject line chosen from 'Firefox Browsing Problem,' 'Mozilla Browsing Problem' or 'Website Browsing Problem,' " Sophos said in the statement.

Sophos said that if the attached file is executed, it will trigger the Trojan horse, disabling antivirus and other security software and opening a back door through which hackers can gain access to infected systems.

"It's important to stress that the guys at F-Secure have done nothing wrong," said Graham Cluley, senior technology consultant at Sophos. "They are just the unfortunate victims of Internet criminals using their name as a disguise in an attempt to spread malware. Running the file attached to the e-mail will lower security on the PC and allow hackers to gain access to spy, steal and cause havoc."

Join the newsletter!

Error: Please check your email address.

More about F-SecureMozillaSophos

Show Comments