The Fake McAfee Patch

The hacker hit parade continues as phisherman launched their most recent attack, namely in the form of a fake McAfee patch. This isn't the first time hackers have taken seemingly legitimate names and attached various cyber-criminal activities too them. McAfee is just the latest.













A hat tip goes to the "Fraud, Phishing and Financial Misdeeds Blog for picking up on this one alert from WebSense Security Labs. Here's the statement from their site.

Websense Security Labs has received reports of an email scam disguised as a patch for McAfee products. Users receive a spoofed email message instructing them to click on a link to immediately download and install a patch from McAfee. This patch claims to address a virus that does not exisit. The link in the email takes users to a fraudulent website, that appears to be the legitimate McAfee security site.

The patch hosted on this page is actually a Trojan downloader.

The malicious site is hosted in the United States and was online at the time of this alert.

In the past major companies and organizations have been the target of similar scams. Recently, Sober variants were passed around with IRS, CIA and FBI tags on them. It's also happened large companies like Wal-Mart not to mention eBay, PayPal and who knows how many banks.

Phishing scams are some of the most effective forms of cyber crime because often times, many people feel the emails they receive are legitimate and many actually take the time to fill out the information. A recent study published by AOL said a surprising number of people assume these phishing scams are legitimate and some take the time to fill out the information.

by John Stith

John is a staff writer for SecurityProNews covering cyber security.