Home » News » Security » Trojan Purports To Be Alleged Order Confirmation From Avira
Since Sunday evening the popularity of the AntiVir producer Avira has been misused for criminal purposes. The security experts of Avira are warning against spoof virus protection invoices which purport to be based on an alleged online order at Avira/cleverbridge. The misleading messages not only allege a purchase of AntiVir, they also contain a dangerous Trojan concealed in the ZIP file. If users click on the infected attachment, the ‘TR/Dldr.iBill.AJ’ Trojan automatically downloads other files from the Internet onto the computer. Avira therefore urgently recommends deleting these emails immediately without opening them.
Users can identify the fake electronic invoice by the subject line ‘Reference no.: 595169: Your order of Avira GmbH products’ and by the alleged sender ‘cleverbridge/Avira GmbH.’ The text of the message is: ‘Many thanks for your order with cleverbridge. cleverbridge is the partner of Avira GmbH responsible for the order process and payments. Please find attached your cleverbridge reference number. In order to receive immediate, reliable customer service, please always quote this reference number in all correspondence with us with regard to your order. (...)’. The complete message is posted at: http://www.avira.de/de/sicherheits-news/gefaelschten_antivir_emails.html
‘The principle of these attacks is always the same: as with the fake messages circulated at the beginning of this year in the name of the GEZ, 1&1, Ikea and Neckermann, a well-known company name is used as a “main attraction” in order to spread a malicious Trojan ’, explains Tjark Auerbach, the founder and CEO of Avira. ‘Apart from up-to-date anti-virus software, only healthy mistrust can provide protection against these email attacks. As the spoof invoices usually look deceptively genuine, users must not blindly click on such messages. Instead, the recipients of the mail should first check whether they have really ordered anything via the Internet from the supplier mentioned and wait for the corresponding online invoice. Avira customers can easily distinguish between genuine invoices and fake ones: our mails do not contain attachments, as the license file ordered is always included in the body of the mail as a link.
Those who have not ordered Premium or Professional virus protection can safely bin such a message. If the user is still uncertain, he can rest assured that the supplier will contact the buyer again – either by regular mail or by email.’
The Trojan is detected by the private or business version of Avira AntiVir as ‘TR/Dldr.iBill.AJ’ with the following VDF: vdf 6.38.01.19 / ivdf 6.38.01.21. Further information on the Trojan is available from Avira with the following link: http://www.avira.de/de/threats/section/details/id_vir/3611/tr_dldr.ibill.aj.htmlm