Here you have a summary of different email messages with malicious intentions that we’ve detected recently.

On the one hand, we have a phishing message affecting eBay company, and on the other, emails referring to different subjects in order to distribute the rogueware detected as Adware/ProtectionCenter. Its purpose is the same as the other rogueware variants, to deceive users making them think that their computer is infected, so that they purchase the fake antivirus program.

eBay phishing

You receive an email like the one below notifying you that your eBay account has been temporarily suspended and in order to activate it again, you have to run the attached file, which is an HTML file:


When running this file, a website imitating eBay’s is displayed warning users again that their account has been suspended and in order to activate it, you have to click the button “Activate Now”:


If you click this option, you’ll be redirected to http://www.registra<blocked> from which you are requested the data of your eBay account in order to obtain your credentials.

Distribution of ProtectionCenter

We’ve detected the following spam messages with the purpose of distributing ProtectionCenter:

Outlook Setup Notification

These other email informs you that you have pending Outlook messages and you have to configure Outlook again. In order to do so, you have to run and install the attached file, which is none other than Adware/ProtectionCenter:



This other email seems to have been sent by Amazon and is about something you’ve ordered and  attached you have the order details so that you can print them and receive the parcel:


Actually, the attached file contains a copy of Adware/ProtectionCenter.


This other email passes itself off as Twitter and informs you that someone has tried to obtain your credentials to access Twitter and recommends you to download a security module from a certain website:


If this link is followed, you’ll be redirected to Google Groups websites like the following, from which the rogueware is downloaded: