A user notified us about a suspicious link being spread via MSN. Normally we would assume that there’s a new IM-Worm out there, since we’ve had quite a few of them this year.
However, the link itself attracted our attention:
Naturally, anyone who follows information security knows Virus Bulletin: one of the oldest and most respected publications in the AV industry. Getting a VB award is a must for any reputable antivirus.
No, their site has not been hacked. If you read the URL carefully, you’ll notice that the word bulletin is misspelled – bulettin. Moreover, Virus Bulletin can be found on-line at a slightly different URL: www.virusbtn.com.
Most of us only scan URLs at best, and the malicious version is certainly close enough to the real thing to fool people. Virus writers are at it again: masquerading as a respected AV publication is a good way to get people to trust you.
Oh, before I forget… a new version of Backdoor.Win32.Landis is lurking at this link. If you receive this link, don’t click on it. There’s no IM-Worm involved, by the way – Landis sends the link out on command from its owner.
We’ve added detection for this new Trojan to our databases, so update just in case.
Social engineering: the latest chapter