Wednesday, June 11, 2014

Another Fake Email install Rogue Software (From Panda Labs Blog)

One of the biggest reasons why TechGeekandMore started came from how many customers I had (and still have) to visit every week to either clean viruses off PCs or (even worse) recover as many files as possible and then re-install Windows. I wanted a way to try to alert and educate my customers about how …..



- No African Prince was going to give you millions
- Emails that say that they are from a friend or family with that weird-looking attachment could actually be fake
- Hot College Girl……well this one just really doesn’t have much beyond “Don’t do it”.
ETC ETC ETC…….
Along those lines, there is a new email starting this week that has only 1 goal: to trick you into downloading and installing some really nasty software (more of the fake antivirus software). This new email says that “You have received a postcard”……
The following information comes from the PANDALABS blog:

The Thousand-Faced Rogue

Mar 5
  • Posted on 03/5/10 by Olaiz
We want to inform you of a new flood of email messages that seem to contain a postcard but are actually distributing malware. Concretely, we’ve seen several thousand in a few hours.
It’s not the first time we have seen emails like this in circulation, as subjects like “You’ve received a postcard” are very recurrent.
The message is like the following:
[Image: postcardzip_en]
The message seems to have been sent by a member of your family through a legal website to download and send postcards, so that users don’t suspect anything. In order to view the postcard, you have to open the attached file. It’s a file compressed with zip, and if you run it, a rogueware program will be installed on your computer, which is different depending on the message and the operating system you have.
The following are some of the names of the fake antivirus that can be installed in your computer if you run this file:
- % Antispyware 2010
- Antivirus % 2010
- % Guardian 2010
- % Guardian
- % Defender 2010
- % Antivirus
- % Antivirus 2010
- % Antivirus Pro
- % Antivirus Pro 2010
- % Internet Security
- % Internet Security 2010
where % stands for the operating system of the computer in which it is going to be installed. Some examples: XPAntispyware2010, Vista Guardian, Win 7 Antivirus Pro.
Let’s take as an example Antivirus XP 2010 and see the actions it carries out once it has been installed in the computer.
Like every rogueware program, it starts scanning the system to check if the computer is infected.
Once finished, it displays a list of the malware that it has detected on your computer to make you believe that you’ve got a problem and that this program will offer you the solution:
[Image: AntivirusXP2010]
However, all the malware it has detected refers to nonexistent files, so the only threat you have is the rogue itself.
Additionally, it prevents the execution of programs whose window title makes reference to the following programs:
- Internet Explorer
- Firefox
- Several security suites.

When you try to run any of these, a message is displayed informing you that these programs are infected and recommending that you install the fake antivirus to solve the problem.
The following image belongs to the message that is displayed when Firefox is run:
[Image: Firefox_infected]
It also contains code to uninstall different security solutions. This way, the computer would be unprotected and the real antivirus programs could not detect it.
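
The naming scheme listed above can be turned into a simple check for cleanup work. The following is an added example, not code from PandaLabs or this blog: it expands the "%" templates with the OS tokens from the post's own examples and compares them against program display names, ignoring spacing and case. The function names and the sample list are constructed for illustration, and the set of OS tokens is an assumption limited to the three the post mentions.

```python
import re

# Name templates listed in the PandaLabs post; "%" is the OS placeholder.
TEMPLATES = [
    "% Antispyware 2010", "Antivirus % 2010", "% Guardian 2010", "% Guardian",
    "% Defender 2010", "% Antivirus", "% Antivirus 2010", "% Antivirus Pro",
    "% Antivirus Pro 2010", "% Internet Security", "% Internet Security 2010",
]
# OS tokens taken from the post's examples (assumption: the list is not
# exhaustive; extend it if other variants turn up).
OS_TOKENS = ["XP", "Vista", "Win 7"]


def normalize(name):
    """Lowercase and keep only letters and digits, so 'XPAntispyware2010'
    and 'XP Antispyware 2010' compare equal."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def build_index():
    """Map every normalized template/OS combination to its readable name."""
    index = {}
    for template in TEMPLATES:
        for os_token in OS_TOKENS:
            full = template.replace("%", os_token)
            index[normalize(full)] = full
    return index


INDEX = build_index()


def match_rogue_name(display_name):
    """Return the matching rogue name from the list, or None.
    The whole name must match, so 'Windows Defender' is not flagged."""
    return INDEX.get(normalize(display_name))


def scan(display_names):
    """Return {display name: matched rogue name} for every hit."""
    return {n: hit for n in display_names if (hit := match_rogue_name(n))}


# Constructed sample: display names as they might appear in an
# installed-programs list or in window titles.
SAMPLE = ["Mozilla Firefox", "XPAntispyware2010", "Windows Defender",
          "antivirus xp 2010", "Win 7 Antivirus Pro"]

if __name__ == "__main__":
    for name, hit in scan(SAMPLE).items():
        print(f"{name!r} matches rogue name {hit!r}")
```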