Malware targets corp accounts with faux warning

A new malware is targeting office employees with a fake warning telling the victims to install a fake anti-virus program. Computer security firm Sophos said the malware's come-on is an email supposedly from the IT department, claiming a virus is on the loose inside the company. In broken English, the message claims that an anti-virus program should be downloaded and installed, and provides a link for it. "Although the link appears to the naked eye to point to a file called antivirus.exe on your company's own server (for instance, if your company's website was called example.com it would appear to link to www.example.com/download/antivirus.exe) it really directs your browser to a download on a third-party website," Sophos said in its blog. With such techniques, Sophos said the user can be tricked into believing he or she is downloading an approved anti-virus update from his or her company's IT department - "but you are really fooled into installing a Trojan horse." It added the email had been spammed to a number of large companies, but did not elaborate. Sophos said its anti-virus products detect the malware as Mal/Generic-L and Troj/Inject-QL. — TJD, GMA News