{"id":72632,"date":"2011-04-13T13:36:37","date_gmt":"2011-04-13T13:36:37","guid":{"rendered":"https:\/\/localhost\/wordpress\/?p=72632"},"modified":"2011-04-13T13:36:37","modified_gmt":"2011-04-13T13:36:37","slug":"malware-family-chepvil-leads-rogueware-xp-anti-virus-2011","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/malware-family-chepvil-leads-rogueware-xp-anti-virus-2011\/","title":{"rendered":"Malware family &#8220;Chepvil&#8221; leads rogueware &#8220;XP Anti-Virus 2011&#8221;."},"content":{"rendered":"<p>One malware family after another tries to panic users into installing a fake security application. Now it is the Chepvil malware, which comes via email as an attachment. The email is shown below:<\/p>\n<div>\n<div><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/chepvil_1.jpg\" alt=\"\" width=\"452\" height=\"414\" \/><\/div>\n<div>Email Snip<\/div>\n<\/div>\n<p>The attachment is named doc.zip, details.zip or document.zip. On extracting it, the user gets an executable file with a PDF file icon.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/chepvil_2.jpg\" alt=\"\" width=\"385\" height=\"130\" \/><\/p>\n<p>If the user opens this executable, it downloads the files pusk.exe\/pusk2.exe\/pusk3.exe. 
As we can see from the HTTP traffic:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/chepvil_3.jpg\" alt=\"\" width=\"599\" height=\"84\" \/><\/p>\n<p>The file pusk*.exe runs as the rogueware application &#8220;XP Anti-Virus 2011&#8221;, as shown below:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/chepvil_4.jpg\" alt=\"\" width=\"441\" height=\"315\" \/><\/p>\n<p>As usual, it displays fake threat messages on the screen and forces the user to register the product<br \/>\nin order to remove these fake threats.<\/p>\n<p>We recommend that users do not open attachments that come from unknown sources.<br \/>\nQuick Heal detects the malicious attached file as TrojanDownloader.Chepvil.J.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>One malware family after another tries to panic users into installing a fake security application. Now it is the Chepvil malware, which comes via email as an attachment. The email is shown below: Email Snip The attachment is named doc.zip, details.zip or document.zip. On extracting it, the user gets an executable file with a PDF file icon. 
If user [&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-72632","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72632"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=72632"}],"version-history":[{"count":0,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72632\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=72632"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=72632"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=72632"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}