
Cybercrooks Spoof FBI In Malevolent Spam Campaigns to Spread Fake Security Program XP Total Security

Posted: May 10, 2011

Cybercriminals are boldly spoofing the FBI to trick unwary PC users into downloading malware and buying their fake antivirus program, XP Total Security.

A scare-serving email campaign, marked 'High Priority', is on the loose and is jacking the good ole Federal Bureau of Investigation (FBI). Here's a look at the tainted email:

Subject: You visit illegal websites

Body: Sir/Madam, we have logged your IP-address on more than 40 illegal Websites. Important: Please answer our questions! The list of questions are attached. pbu bx ng

You might laugh and wonder where the punch line is. Or you might wonder who in their right mind wouldn't see the email as nothing more than spam. Well, cybercriminals are hoping to cash in on the fears and guilt of unwary PC users who have visited less than savory websites such as porn or even some gaming sites. They study social engineering and mold their scare tactics to lure and bilk humans out of hard-earned monies.

Scamming is a billion dollar industry and, as evidenced by their brand-jacking of the FBI, cybercriminals are not biased or prejudiced and are willing to do whatever it takes to get a huge piece of your pie. Stealth malware tools like Trojan.Zlob.2.Gen will deceptively gain entry and quietly set up the malicious attack. All the while the PC user doesn't have a clue until bells and whistles go off in the form of alerts and warnings, another ploy by Trojan.Zlob.2.Gen.

[Image: FBI spam email spreads XP Total Security]

When potential victims download the attachment (document.zip), instead of getting the promised list of questions, Trojan.Zlob.2.Gen drops its malicious program onto the victims' PCs and triggers a series of fake alerts, scans, and reports as proof a security breach has occurred.
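A mail-gateway style triage for the lure described above, added here as an example and not taken from the article or any vendor product: it flags a sender name that claims the FBI from a non-FBI domain, the high-priority marking, and a zip attachment that holds an executable. The header names checked, the `fbi.gov` domain rule, the extension list and the sample message (including the `document.exe` member name) are assumptions or constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BRAND_WORDS = ("fbi", "federal bureau of investigation")
REAL_DOMAIN = "fbi.gov"  # assumption: the only domain allowed to use the name
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js")


def triage(raw: bytes) -> list[str]:
    """Return the reasons a raw message matches the lure pattern (empty = no match)."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for sender in (msg["From"].addresses if msg["From"] else ())[:1]:
        shown, domain = sender.display_name.lower(), sender.domain.lower()
        genuine = domain == REAL_DOMAIN or domain.endswith("." + REAL_DOMAIN)
        if any(w in shown for w in BRAND_WORDS) and not genuine:
            reasons.append(f"display name claims FBI but domain is {domain}")
    if str(msg.get("X-Priority", "")).strip().startswith("1") \
            or str(msg.get("Importance", "")).strip().lower() == "high":
        reasons.append("marked high priority")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        try:  # list member names only; nothing is extracted or executed
            members = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))).namelist()
        except zipfile.BadZipFile:
            reasons.append(f"{name}: unreadable archive")
            continue
        for m in members:
            if m.lower().endswith(RISKY_EXT):
                reasons.append(f"{name}: contains executable {m}")
    return reasons


def build_sample() -> bytes:
    """Constructed message shaped like the lure above; the archive member is inert text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.exe", b"placeholder bytes, not a program")
    msg = EmailMessage()
    msg["From"] = "FBI <agent@mail.example>"
    msg["Subject"] = "You visit illegal websites"
    msg["X-Priority"] = "1"
    msg.set_content("The list of questions are attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="document.zip")
    return msg.as_bytes()
```

Calling `triage(build_sample())` returns three reasons; a message that trips none of the checks returns an empty list.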

Amid the assault of pop-ups alerting of an intrusion, a slick-looking interface, XP Total Security, appears out of nowhere and runs an unauthorized scan. Unlike the poorly written scam-advert, the interface looks professional since it is modeled after a legitimate Microsoft product design; just as they spoofed and jacked the FBI, they did the same to Microsoft. XP Total Security is a worthless piece of software that was not designed to protect your data or your PC but to steal it and rob you blind.

The Fake Alerts:

XP Total Security Firewall Alert
XP Total Security has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

When you think about it, not all the alerts are fakes, although all are misleading. Your system has been 'hijacked' and if you try to use your browser you will clearly agree, since you will be forcibly routed to unwanted or malicious websites selling XP Total Security.

You are actually experiencing a 'privacy threat' and 'stealth intrusion' but the enemy is the very thing offering to help you, and that is XP Total Security. Do not fall into the trap and do not buy or download this poisonous software.

Trojan.Zlob.2Gen is behind the deception and tampered with your antimalware (if applicable) so that it would not detect its presence. Trojan.Zlob.2Gen, a variant of Trojan.Zlob, positioned its file to run after your OS but prior to your antimalware, so that the antimalware wouldn't even see it. Trojan.Zlob.2Gen also listed its malicious program on the 'approved programs listing' of your firewall security.

Trojan.Zlob.2Gen is a stealth enemy and not only blocked you from using your browser, but also blocked you from using Task Manager so you can't thwart its mission.
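A defender-side check for two of the changes described above (the firewall 'approved programs' entry and the blocked Task Manager), added here as an example and not taken from the article or any removal tool. It assumes the standard Windows XP registry locations for these settings; the article does not say which keys this sample modifies, and the export text and file name are constructed.

```python
import re

# Standard Windows locations (assumed; the article names no registry keys).
POLICY_KEY = r"software\microsoft\windows\currentversion\policies\system"
FW_LIST_KEY = r"firewallpolicy\standardprofile\authorizedapplications\list"
# Directories a normal user can write to; a firewall exception here is suspect.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\appdata\\", "\\users\\")

VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')

# Constructed excerpt in .reg export format (backslashes are doubled inside values).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\user\\Local Settings\\Temp\\sample_placeholder.exe"="C:\\Documents and Settings\\user\\Local Settings\\Temp\\sample_placeholder.exe:*:Enabled:Update"
'''


def audit_reg_export(text: str) -> list[str]:
    """Flag a disabled Task Manager and firewall exceptions for user-writable paths."""
    findings, key = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # remember which key the next values belong to
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name = m["name"].replace("\\\\", "\\")  # undo .reg escaping
        data = m["data"]
        if key.endswith(POLICY_KEY) and name.lower() == "disabletaskmgr" \
                and data == "dword:00000001":
            findings.append("Task Manager disabled by policy")
        elif key.endswith(FW_LIST_KEY) and ":enabled:" in data.lower():
            if any(d in name.lower() for d in USER_WRITABLE):
                findings.append(f"firewall exception for user-writable path: {name}")
    return findings
```

Run it against the output of `reg export` for the two keys, taken from a clean boot environment where possible, since the article notes the trojan hides from tools running on the infected system.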

The Mission of Trojan.Zlob.2Gen

  1. Steal vital data such as passwords, usernames, bank or credit card information and send it to a remote server for sale or other malicious intent.
  2. Spy on surfing habits or track infection rate and report to creator.
  3. Trick victim into buying useless software, XP Total Security, and get them to willingly give credit card or bank information and download malicious files.
  4. Exploit Remote Assistance Tools to give a hacker control to do whatever he pleases, including:
     • Use your PC as a bot to mass spam
     • Use your PC as a bot to distribute a DNS attack
     • Spoof your email account and spam persons in your contact list
     • Download more malicious files for further attacks

Doing nothing will not stop Trojan.Zlob.2Gen from completing its tasks. In fact, you should immediately disconnect any Internet connection until you are certain all traces of Trojan.Zlob.2Gen have been removed from your PC. You should also contact your financial institution and change your security credentials as a safety precaution.

Trojan.Zlob.2Gen may include a rootkit and this allows the vermin to embed its virus in the root of your BIOS or MBR to avoid detection and removal. Unless you are an expert working with system and registry files, you should use expert tools or programs to wipe your system clean, and protect your data and PC from future attacks. Otherwise, you could damage your hard drive and wipe clean your valuable data.