Select Page

Something to watch out for:  From F-Secure:

Somebody has lately been seeding emails like the one pictured below.

Obviously, they are not from Symantec. And when you click the link, you end up getting redirected to a web page which will initiate an autodownload of a file called “rxBot.exe”, which is – you guessed it – a variant of the RXBot family.

A mail like this will pass most corporate email filters. There’s no attachment. There’s no masked link either, so phishing filters probably won’t detect it.

Read more here.

(Side note:  Stefan at F-Secure emailed me with a minor inadvertent error on their part — this is actually a variant of Rbot – not Rxbot, and they have a description of this naughty little thing here.)

Alex Eckelberry