“It's highly important to install this security update due to the new malware circulating over the net,” says in the email. “To complete the action please double click on the system patch KB923029 in the attachment. The installation will run in the silent mode. Please pay attention to this matter and inform us in case there is a problem.”
Unfortunately for those who fall for the trick, the ZIP email attachment actually carries a downloader Trojan that, after contacting a remote server, downloads a Zeus Trojan variant from it and installs it on the victims’ computer. It also creates a new registry key to make Zeus run every time the computer is restarted.
According to Symantec researchers, the spam campaign impersonates a slew of well-known AV companies such as AntiVir, Avast, AVG, Avira, Kaspersky Lab, Trend Micro, Symantec, and others, and offers “updates” for different AV solutions.
Users are advised not to click on links in or download attachments from unsolicited emails, and not to provide any personal information when replying an email. In this particular case, the spelling mistakes in the email point to it being a fake, but users should be wary of this type of emails even if they are written correctly.