Fake Sophos IDE update malware
Sophos has learned that an email is being sent out that contains a fake Sophos IDE. The subject line of this email is "Update your SOPHOS IDE scanner". If you receive this email, do not take the action it recommends.
The email contains an attachment that appears to be a .rar file. In reality, it is an .exe. At the present time, the filename given is "SOPHOS IDE scanner.rar". Do not run this file, as it will attempt to download malware onto your system.
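A mail-gateway-style check for the mismatch described above, as an added example that is not part of the original Sophos article: it compares each attachment's filename extension with the file type implied by its leading bytes. The function names and the sample message (a harmless "MZ" stub, not the real payload) are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePath

# Leading magic bytes -> the file type they indicate.
MAGIC = {
    b"MZ": "exe",            # DOS/PE executable header
    b"Rar!\x1a\x07": "rar",  # RAR archive signature (RAR4 and RAR5 prefix)
    b"PK\x03\x04": "zip",    # ZIP local file header
}

def sniff(data: bytes) -> str:
    """Return the type implied by the leading bytes, or 'unknown'."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"

def mismatched_attachments(raw: bytes) -> list:
    """Return (filename, claimed, actual) for every attachment whose
    recognised content type contradicts its filename extension."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        claimed = PurePath(name).suffix.lower().lstrip(".")
        actual = sniff(part.get_payload(decode=True) or b"")
        if actual != "unknown" and actual != claimed:
            findings.append((name, claimed, actual))
    return findings

def build_sample() -> bytes:
    """Constructed message: one 'MZ' stub named like the attachment in
    this article, plus one attachment that really starts like a RAR."""
    msg = EmailMessage()
    msg["Subject"] = "Update your SOPHOS IDE scanner"
    msg.set_content("Download latest virus identity (IDE) files.")
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                       subtype="octet-stream", filename="SOPHOS IDE scanner.rar")
    msg.add_attachment(b"Rar!\x1a\x07\x00" + b"\x00" * 16, maintype="application",
                       subtype="octet-stream", filename="genuine-archive.rar")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, claimed, actual in mismatched_attachments(build_sample()):
        print(f"{name!r}: named .{claimed} but content looks like {actual}")
```

Only the first attachment is reported; the second passes because its leading bytes agree with its .rar name.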
Genuine Sophos updates should be obtained via the auto-update function of Sophos Anti-Virus, or by visiting http://www.sophos.com/downloads/ide. Identity data (IDEs) are never sent out via email.
The body of the email is as follows:
"Download latest virus identity (IDE) files.
If you are running an older version of Sophos Anti-Virus and do not automatically update your protection, you should download virus identity files (IDEs), which provide detection of viruses, worms, Trojans and spyware.
All the IDEs you need are available in a single compressed file. NOTE: Please RUN the application accordingly."
What to do
If you receive this email, do not run the attached file. It will attempt to load malware onto your system.
Please note that Sophos customers with HIPS enabled are already protected against the threat. The payload of this fake email is now detected as Troj/Spoof-H, published in the genuine spoof-h.ide.
If you need more information or guidance, then please contact technical support.
- Article ID: 60554
- Created: 26 Jun 2009
- Last updated: 26 Jun 2009


