Setup Notification Leads to Rogue AV
June 3, 2009
Yet another malicious spam campaign from the Pushdo botnet is filling up our spamtraps again. The subject lines use a "Microsoft Outlook", "Outlook Express" or "The Bat" setup notification theme:

The campaign is malicious in nature and designed to spread installations of a fake anti-virus scanner, otherwise known as scareware.
The ZIP archive attachment contains an executable file, which is the malicious payload. It downloads the fake anti-virus product shown in the screenshot below.
A curiosity of this campaign is that the subject line may announce an Outlook setup notification while the message body tells you to reconfigure your TheBat email client. This seems to be an amateur mistake on the part of the scammers and should sound alarm bells for most users if they pay close enough attention to the message content.
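As an added example (not code from the original post or from MailMarshal), the two traits described above, a ZIP attachment holding an executable and a subject line that names a different mail client than the body, can be checked on a raw message as follows. The keyword and extension lists, the function names and the constructed sample-message builder are assumptions made for the illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Mail clients named by the campaign; the keyword lists are assumptions.
CLIENTS = {"outlook": ("outlook",), "thebat": ("the bat", "thebat")}
EXEC_EXT = (".exe", ".scr", ".pif", ".com")  # assumed extension list


def clients_in(text):
    """Return the set of mail clients mentioned in a piece of text."""
    low = text.lower()
    return {name for name, kws in CLIENTS.items() if any(k in low for k in kws)}


def analyze(raw):
    """Return a sorted list of findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = set()
    body = msg.get_body(preferencelist=("plain",))
    subj = clients_in(msg["Subject"] or "")
    text = clients_in(body.get_content() if body else "")
    # Subject names one client, body names only a different one.
    if subj and text and not (subj & text):
        findings.add("client_mismatch")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if any(n.lower().endswith(EXEC_EXT) for n in zf.namelist()):
                findings.add("zip_contains_executable")
    return sorted(findings)


def sample(subject, body, member):
    """Build a constructed test message with a one-file ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed placeholder, not a real binary")
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                     filename="install.zip")
    return m.as_bytes()
```

Either finding alone is only a signal; a gateway rule would normally combine them with sender reputation before quarantining.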
Yesterday, we received a similar malicious email campaign generated by Pushdo. This earlier campaign used a United Parcel Service of America notification theme with subject lines like this:

The UPS campaign from yesterday delivers the same fake anti-virus payload that we have seen today in the Outlook/TheBat campaign.
Pushdo is currently extremely active and this latest campaign follows a similar pattern to what we have seen before, described here and here.
MailMarshal customers are protected against these campaigns with SpamCensor version 338.
Last Reviewed: June 3, 2009 by Rodel Mendrez
- © 2010 M86 Security. All Rights Reserved.