Virus Masquerades as Symantec Update

August 2006


BitDefender analysts warn of a new virus spreading via an e-mail that masquerades as a Symantec security update.

The e-mail, written in Portuguese, informs the recipients that a new virus is in the wild and advises them to download a removal tool from Symantec. The advertised link actually leads to a fake website and automatically starts the download procedure for an actual virus.

"We are working to fully characterize the virus and trying to track down the author. We are also cooperating with local authorities and the affected provider in shutting down the malicious website. Although BitDefender users are not at risk, we have received reports of infections in the wild, so we are treating this matter with the utmost care," declared Mircea Mitu for BitDefender.

The new virus was first spotted on July 24. BitDefender products detected it proactively (without a signature update) as BehavesLike:Win32.SMTP-Mailer, using the patent-pending B-HAVE heuristic detection technology. The e-mail containing the link to the virus was also detected as spam by BitDefender.

UPDATED:

A specific signature has been added and the virus is now known as Trojan.Bakloma.A. A full technical description is available on the BitDefender website.



RELATED INFO:
Trojan.Bakloma.A technical description.