Malware family “Chepvil” leads to rogueware “XP Anti-Virus 2011”.

One malware family after another tries to panic users into installing a fake security application. The latest is the Chepvil malware, which arrives via email as an attachment. The email is shown below:

Email Snip

The attachment comes with the names doc.zip, details.zip or document.zip. On extracting it, the user gets an executable file with a PDF file icon.

If the user opens this executable, it downloads the files pusk.exe/pusk2.exe/pusk3.exe, as we can see from the HTTP traffic:

The pusk*.exe file works as the rogueware application “XP Anti-Virus 2011”, as shown below:

As usual, it displays fake threat messages on the screen and forces the user to register the product in order to remove these fake threats.

We recommend that users do not open attachments that come from unknown sources.
Quick Heal detects the malicious attached file as TrojanDownloader.Chepvil.J.
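
The delivery pattern described above (a ZIP attachment holding an executable disguised as a PDF, followed by requests for pusk*.exe) can be checked at a mail gateway or in proxy logs. The following Python sketch is an added example, not Quick Heal's detection logic; the function names, the extension list, the `host.example` URLs and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

LURE_NAMES = {"doc.zip", "details.zip", "document.zip"}  # attachment names from the post
PAYLOAD_URL = re.compile(r"/pusk\d*\.exe(?:[?#]|$)", re.IGNORECASE)  # pusk.exe, pusk2.exe, ...
EXEC_EXTS = (".exe", ".scr", ".pif", ".com")  # assumption of this example


def inspect_attachment(filename, data):
    """Return the reasons a ZIP attachment resembles the lure described above."""
    reasons = []
    if filename.lower() in LURE_NAMES:
        reasons.append("lure attachment name: " + filename)
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return reasons + ["not a valid ZIP archive"]
    with archive:
        for info in archive.infolist():
            try:
                with archive.open(info) as member:
                    magic = member.read(2)
            except RuntimeError:  # encrypted or unsupported member
                reasons.append("cannot inspect member: " + info.filename)
                continue
            if magic == b"MZ":  # PE header, whatever icon or extension is shown
                reasons.append("Windows executable inside archive: " + info.filename)
            elif info.filename.lower().endswith(EXEC_EXTS):
                reasons.append("executable extension inside archive: " + info.filename)
    return reasons


def payload_requests(urls):
    """Return the URLs that request pusk.exe, pusk2.exe, pusk3.exe and the like."""
    return [u for u in urls if PAYLOAD_URL.search(u)]


def build_sample_zip(member_name, content):
    """Build a constructed in-memory ZIP for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(member_name, content)
    return buf.getvalue()


if __name__ == "__main__":
    lure = build_sample_zip("document.pdf.exe", b"MZ" + b"\x00" * 62)  # constructed, inert
    print(inspect_attachment("document.zip", lure),
          payload_requests(["http://host.example/pusk2.exe", "http://host.example/a.css"]))
```

Checking the first two bytes of each member catches an executable even when its name ends in .pdf, which the extension check alone would miss.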

Pravesh Shinde
