Malware spammers adopt rogue-AV scare tactics to spread infections

Free malicious software removal tool is the malware.

Criminals are spoofing the email addresses of several well-known antivirus vendors to trick victims into downloading a malicious file that will supposedly remove a non-existent infection purportedly causing their systems to send out infected email.

US security firm Websense said Wednesday it had blocked 2700 emails fitting this description in the past day, describing it as a “low-volume” campaign.

The brands in the batch of malicious spam Websense detected included Symantec, Sophos, F-Secure, Verisign, and Secure Root. The spoofed email addresses were:,,,,,, and

Like other scareware ruses, recipients are encouraged to click on a link that directs them to download a malicious executable file after a supposed security scan indicates their computers are infected with the non-existent worm, W32.Swizzor.C-WORM.

The spam’s authors claim the link will lead victims to a free malicious software removal tool from the vendor.

The subject header of the spam in the case Websense highlights is: “[Symantec] - Your e-mail account may be blocked”.


Stories by Liam Tung
