On Wednesday the 1st of February, an unknown attacker sent out
thousands of infected emails. These emails were crafted so that
they appeared to be from a non-existant F-Secure employee "David
Adams, Dept. Research, F-Secure Development". The addresses used in
this attack included "press @ f-secure.com", "info @ f-secure.com",
"editor @ f-secure.com". These emails were not sent from F-Secure’s
network, they were just spoofed to look like they were coming from
an F-Secure address.
These emails contain a new variant of the Breplibot worm.
F-Secure Anti-virus detects it as W32/Breplibot.ae.
F-Secure has taken measures to inform network users about the
attack, which has obviously been done to make F-Secure look
bad.
This is what the emails looked like:
**** Begin sample email ****
From: Mr D Adams < david.adams @ f-secure.com >
Subject: Website Browsing Problem
Hello,
I noticed whilst browsing your site that there were problems
with some of your links, when I tried again with Internet Explorer
the problems were not there so I assume that they were caused by me
using the Mozilla browser.
As more people are turning to alternative browsers now it may be
of help for you to know this. I have enclosed a screen capture of
the problem so your team can get it fixed if you deem it an
issue.
Kind regards,
David Adams
Dept. Research
F-Secure Development
**** End sample email ****
For more information please contact:
F-Secure Corporation
Mikko Hyppönen, Chief Research Officer
Tel. +358 400 648 180
