Recently, one of our main e-mail accounts received an e-mail with the Subject line: Thirty Seven 4 LLC Receives 2012 Best of Medina Award
For all practical purposes, an e-mail with this Subject line (Thirtyseven4 is located in Medina, OH), sent directly to an organization, would be a time for that company to celebrate its achievements. After all, who would mind receiving a copy of the “digital reward image” [pictured below] for marketing purposes?
The picture shown above was accompanied by the following text:
----------------
Earlier this year, I sent a notification email to you recognizing that Thirty Seven 4 LLC has been selected for the 2012 Best of Medina Awards in the Software & CD Rom Sales & Services category by the Medina Award Program committee.
Our selection of your company is a reflection of the hard work of not only yourself, but of many people that have supported your business and contributed to the subsequent success of your organization. Congratulations on joining such an elite group of small businesses.
In recognition of your achievement, we offer a variety of ways for you to help promote your business. You automatically receive the complimentary digital award image from this email and a copy of the press release publicizing the selection of Thirty Seven 4 LLC which is posted on our website. The Medina Award Program hereby grants Thirty Seven 4 LLC a nonexclusive, royalty-free license to use, reproduce, distribute, and display this press release and the digital award image in any media formats and through any media channels.
Questions? Please call us at: 1-888-731-3985 and select option 1. Changes? If any of your business information is incorrect please let us know.
Sincerely,
Kelly McCartney
Award Committee
----------------------
In order to receive their award, the business is asked to click on a link to provide updated company information. Harmless enough, right? Wrong.
If a user should click on the link, they will be redirected to a malicious website. Once on the site, a Trojan will automatically install itself onto the system [Thirtyseven4 has detection for this file as "Trojan.Lethic.B"]. The Trojan will display a fake security warning on the screen, alerting the user to a bogus threat to their system.
If “OK” is clicked, the Trojan will proceed to download a file under (C:\Documents and Settings\All Users\Application Data\[random directory]\[random filename].exe) and install a Fake Security Application onto the system. In this case, the Fake Application is called “System Progressive Protection”. See below:
Thirtyseven4 detects this file as FraudTool.SysTool.2011, and our free security tools will remove this threat.
The Fake Application will remain and be very problematic to remove until the user goes out and purchases the Fake Software.
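One way to hunt for the drop location described above, as an added example that is not Thirtyseven4's code: it flags executables that sit exactly one directory below the All Users application-data folder. The log line format, host names, the allowlist and the C:\ProgramData root (the same folder on Windows Vista and later) are assumptions made for this example.

```python
from pathlib import PureWindowsPath

# "All Users" application-data roots. The first is the path quoted in the
# article; the second is its equivalent on Windows Vista and later (added here).
ROOTS = [
    r"C:\Documents and Settings\All Users\Application Data",
    r"C:\ProgramData",
]

def _parts(path):
    """Lower-cased path components; Windows paths are case-insensitive."""
    cleaned = path.strip().strip('"')
    return tuple(p.lower() for p in PureWindowsPath(cleaned).parts)

ROOT_PARTS = [_parts(r) for r in ROOTS]

def matches_drop_pattern(image_path, allowed_dirs=()):
    """True for root / one directory / file.exe, unless the directory name
    is in allowed_dirs (a site-specific allowlist, assumed here)."""
    parts = _parts(image_path)
    for root in ROOT_PARTS:
        tail = parts[len(root):]
        if parts[:len(root)] == root and len(tail) == 2:
            directory, filename = tail
            return filename.endswith(".exe") and directory not in allowed_dirs
    return False

def flag_events(lines, allowed_dirs=()):
    """Each line is 'timestamp,host,image_path' (constructed format)."""
    hits = []
    for line in lines:
        _ts, host, image = line.rstrip("\n").split(",", 2)
        if matches_drop_pattern(image, allowed_dirs):
            hits.append((host, image))
    return hits

# Constructed sample events; hosts, directories and file names are invented.
SAMPLE_EVENTS = [
    r"2012-10-02T09:14:03,WS-01,C:\Documents and Settings\All Users\Application Data\A1B2C3D4\A1B2C3D4.exe",
    r"2012-10-02T09:15:40,WS-02,C:\Program Files\Internet Explorer\iexplore.exe",
    r"2012-10-02T09:16:12,WS-03,c:\programdata\qwxzr\kdjfh.exe",
    r"2012-10-02T09:17:55,WS-04,C:\ProgramData\ExampleVendor\Agent\bin\agent.exe",
    r"2012-10-02T09:18:20,WS-05,C:\ProgramData\ExampleVendor\updater.exe",
]

if __name__ == "__main__":
    for host, image in flag_events(SAMPLE_EVENTS, allowed_dirs={"examplevendor"}):
        print(f"{host}: review {image}")
```

A hit is a lead for review rather than a verdict, since legitimate software can also place an executable one level below this folder.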