NEWS FROM THE LAB - Wednesday, February 1, 2006

press@f-secure.com under attack Posted by Mikko @ 12:46 GMT

There's a mass spamming underway right now. Somebody is sending out thousands of emails spoofed to be from "David Adams, Dept. Research, F-Secure Development (press@f-secure.com)". Some emails were also spoofed from editor@f-secure.com or from info@f-secure.com.

These emails contain a new variant of the Breplibot worm. We're right now shipping detection for it as "Breplibot.ae".

The emails are not sent from our network, they are just spoofed to look like they are coming from a F-Secure address.

This is what the emails looked like:
david adams spoof email