Over the weekend, someone wrote to us complaining that Kaspersky Lab was sending spam. Naturally, this came as a bit of a surprise, seeing as how we do nothing of the sort; in fact we do quite the reverse: we combat spam. Of course, we wanted to find out why a user had come to the conclusion that Kaspersky Lab was sending spam to them.
The email that the user complained about had all the hallmarks of a typical online scam: behind the nice pictures reminiscent of Kaspersky Lab’s official advertising there was a link that had absolutely nothing in common with the company’s products. The cybercriminals had done a good job: the email not only looked like an official email from Kaspersky Lab but the “From” field was a good imitation as well.
After clicking the link, a user unwittingly ends up on a website with an offer to buy a program called Best Antivirus Online. It has to be said that the image of the “product box” on the web page was not unlike that of Symantec’s signature design – black font against a predominantly yellow background. To buy the program, the user had to enter their credit card details and email address so they could receive further instructions. We followed these step as part of our investigations, but received no more instructions at the email address we specified. It is quite possible that users could have received more instructions on how to download the fake antivirus at the time the spam was active.
This is not the first time cybercriminals have made use of Kaspersky Lab products. We have noticed on several occasions that the distributors of fake antiviruses have tried to make their “product” interfaces similar to those of KIS or KAV. Spammers distributing offers of cheap software often stress in their emails that Kaspersky Lab’s products are available on their sites at bargain prices.
This level of awareness by the cybercriminals is a clear indication that Kaspersky Lab products are popular and trusted. They are taking advantage of users’ trust in Kaspersky Lab as a social engineering tool, hoping that the familiar green design will lull users into a false sense of security and make them click the malicious link.
It should be noted that not only Kaspersky Lab has attracted the attention of malicious users. A week or so ago, we received similar messages that imitated a mailing from Adobe. The link in the message led to a suspicious-looking “pdf reader”. The site’s template was identical to the template used for Best Antivirus Online, only the color scheme was different. In early October, a similar site was linked to emails with offers to download a new version of iTunes dedicated to Steve Jobs. The color scheme then was completely different, but the site template was the same.
At the time the user wrote to us, Kaspersky Lab products detected both the spam messages and the malicious site distributed in them. But we not only urge users to trust our products but to also be vigilant when surfing the net. And remember: no reputable company would send spam messages!
2011 Dec 02, 18:38
I think one of the most important thing that we can teach people is don't install anything you didn't go to the developer's specific URL to download. People need to realize not to trust things like this. While this is Kaspersky, this relates to all software!