F-Secure’s email addresses are being misused

On Wednesday the 1st of February, an unknown attacker sent out thousands of infected emails. These emails were crafted so that they appeared to be from a non-existant F-Secure employee "David Adams, Dept. Research, F-Secure Development". The addresses used in this attack included "press @ f-secure.com", "info @ f-secure.com", "editor @ f-secure.com". These emails were not sent from F-Secure’s network, they were just spoofed to look like they were coming from an F-Secure address.

These emails contain a new variant of the Breplibot worm. F-Secure Anti-virus detects it as W32/Breplibot.ae.

F-Secure has taken measures to inform network users about the attack, which has obviously been done to make F-Secure look bad.

This is what the emails looked like:

**** Begin sample email ****
From: Mr D Adams < david.adams @ f-secure.com >
Subject: Website Browsing Problem

Hello,

I noticed whilst browsing your site that there were problems with some of your links, when I tried again with Internet Explorer the problems were not there so I assume that they were caused by me using the Mozilla browser.

As more people are turning to alternative browsers now it may be of help for you to know this. I have enclosed a screen capture of the problem so your team can get it fixed if you deem it an issue.

Kind regards,

David Adams
Dept. Research
F-Secure Development
**** End sample email ****

For more information please contact:

F-Secure Corporation
Mikko Hyppönen, Chief Research Officer
Tel. +358 400 648 180