Application security

F-Secure email faked, includes trojan

Thousands of F-Secure users received a bogus email today that claims to be from an employee of the anti-virus vendor but instead contains a trojan.

The spam tells recipients there is something wrong with their website and asks them to click on a .zip link for a picture of the problem. Instead, the link triggers a new variant of the Breplibot worm, known as W32/

"These emails were not sent from F-Secure's network, they were just spoofed to look like they were coming from an F-Secure address," the company said. "F-Secure has taken measures to inform network users about the attack, which has obviously been done to make F-Secure look bad."

The addresses used in the attacks include [email protected], [email protected] and [email protected].

The email reads: "Hello, I noticed whilst browsing your site that there were problems with some of your links, when I tried again with Internet Explorer the problems were not there so I assume that they were caused by me using the Mozilla browser. As more people are turning to alternative browsers now it may be of help for you to know this. I have enclosed a screen capture of the problem so your team can get it fixed if you deem it an issue. Kind regards, David Adams, Dept. Research, F-Secure Development."

F-Secure did not say how many users, if any, fell for the phishing scheme. The company also did not describe the trojan's payload.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.