Fake Antivirus Targets Brazil

Fake/rogue antivirus strikes again, this time targeting the users in Brazil. Like in today’s malware trends, it did not come alone.
It initially starts with a spam message:
SUBJECT:
Hello, I am sending you my invitation to the graduation location, date and time
BODY:
Hello, I am sending you my invitation to the graduation location, date and time.
I count on your presence.
We are there,
Abraços …
ATTACHMENT:
ConviteFormatura.pps (52KB)
The malware gets installed once the user opens the attachment—which leads to the malfunction of several executables in the system. The malware is also able to disrupt the normal functions of the Windows shell, consequently resulting in difficulty opening folders.
Attempts to open files created in the programs affected by this malware would result to the display of a fancy error message reassuring the user that there is a solution to the error being experienced. Clicking the said message’s button brings the user to the Brazilian site Byte Clark, which offers yet another fake antivirus by the same name. Users are then advised to purchase the program to restore the system (a routine which therefore qualifies this as ransomware).
Trend Micro detects the fake antivurs as TROJ_FAKEAV.BBH. Running the program only removes the files added by the original malicious attachment. It is also able to collect specific data from (continue reading...)