We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
TrojanDownloader:Win32/Renos.HL
Aliases: Pro Antispyware 2009 (other) MS AntiSpyware 2009 (other) W32/DLoader.NYHM (Norman) Mal/FakeAV-AH (Sophos) Win32/Adware.MSAntispyware2009 (ESET) Downloader.MisleadApp (Symantec) Trojan.Fakeavalert (Symantec) Trojan-Downloader.Win32.FraudLoad.dzd (Kaspersky) Generic Downloader.x (McAfee)
Summary
Subject (or similar): Microsoft Alert (Case#: wlTR6Zm)
Windows Net Security Division
Email Ref ID: g9BK0f
This email was not sent by Microsoft and is an attempt to use the current interest and concern over Win32/Conficker in order to persuade users to download and install arbitrary files of the attacker's choice - in this case, Trojan:Win32/Renos.HL and in turn Trojan:Win32/WinSpywareProtect.