Special thanks to Sian John for reporting the scam.
We recently saw some malicious fake antivirus software. Such software often goes by generic names like “Windows Defender” or similar, but this particular software claims to be a Symantec product. An email claims that not only is the recipient infected—all users on the same network are as well. The email uses out-of-date Symantec branding, and links to a malicious application called RemovalTool.exe. Symantec does not produce a tool like this, nor does it email users in this way.
If a user downloads and executes the tool, a dialog box posing as a Java update appears:
One clue that this is a fake update is that it refers to Sun Microsystems, which developed Java but was acquired by Oracle several years ago. In addition, the...