Trojan virus alert

There’s a nasty Trojan virus going around at the moment (warning taken from latest Computeractive magazine and printed below) and we have recently spent a number of hours removing it from teachers’ laptops and, as you can see, the security implications are considerable.

COMPUTERACTIVE has discovered an attack that fools people into downloading malicious software by mimicking a genuine Microsoft Windows security alert.

The attack is a clever variation on the rogue anti-virus alerts that appear when people are online; this one uses emails purporting to come from someone the victim knows. Clicking on the link in the email takes the victim to a site with the message: “You are here because one of your friends have [sic] invited you here. Page loading, please wait…”

A fake start-up screen appears with a message saying “Microsoft Security Alert 2012 has found critical process activity on your PC and will perform fast scan [sic] of systems files.”

It then appears as if the computer is being scanned and a security alert menu will appear with ‘Remove All’ or ‘Cancel’.

If the person clicks Remove All it downloads a Trojan, which harvests a person’s email contacts. This is how the scam is spreading and we have received emails from affected readers who have our address in their contacts list.

We have found two sites linked to the scam – the spirit glass and pacificrimisg. Bitdefender and F-Secure said that the criminals rent out the sites so other fraudsters can download banking and password-stealing Trojans.

If you have fallen victim to this scam, close the web browser and run a full system scan with your security software.

A video of the website in action can be viewed

(Taken from Computeractive Magazine dated 12-25 Apr 2012)

As you can see, the answer is don’t click on any links within e-mails, or open any attachments, unless you are absolutely sure of their origin – even if you recognise the sender’s address. If you get infected, do not click ‘Remove All’ – instead close the browser and run a full system scan with your security software (Sophos for those with school laptops).