Websense® Security Labs™ has discovered emails that
attempt to lure users to click on a link in order to upgrade their
system security. The emails, which are spoofed from Monster, are
written in HTML and claim that Monster systems have been upgraded and
that users need to download a certified utility to be able to use
Monster.  The domain name that the emails point to are using five
different IP addresses. Upon connecting to one of the IP addresses, the
code is run, several files are downloaded and installed on the user’s
machine, and another file is downloaded and installed from a server in
Denmark. The files appear to be designed to steal end-user information.

Details