1. Spreading the Blackhole love on Twitter
The AVG Web Threats Research team found this little landmine on Twitter in the last week. We suspect it was planted by a Blackhole operator.
Clicking on the “free Antivirus” link takes you to the nearly inevitable:
And, if an unsuspecting Twitter user is innocent enough to click through the download boxes, the result is a recent rogue clone: Windows Guard Solutions.
And that’s not all. The site also loads exploits in the background, so even if the user is smart enough to recognise the FakeAV, they still get hit with malicious code. AVG LinkScanner warns of two Blackhole features and three rogue features on the site.
If you’re a Tweeter, be aware that clicking on links in Tweets can take you places you really don’t want to go. Use an antivirus product on your PC and use common sense.
2. Blackhole-linked spam
Operators using the Blackhole exploit kit have been using spam emails to lure potential victims to sites that download malcode. Below are some examples that we’ve investigated:
Site impersonated: Apple Store
Site impersonated: any bank
Site impersonated: LinkedIn
Site impersonated: PayPal
Site impersonated: U.S. Bank
3. Rogue security products clone graphic interfaces
The criminals running rogue security product scams have continued cloning their products and renaming their graphic interfaces. Below are some we’ve seen in the last week:
Clone name: Windows Efficiency Reservoir
Clone name: Windows Cleaning Tools
Clone name: Windows Component Protector
Clone name: Windows Warding System
Clone name: Windows Antivirus Patch
Clone name: Windows Shielding Utility
Clone name: Windows Care Taker
4. Amex Phishing
The AVG Web Threats Research Group encountered the American Express phishing scheme below in the last week. The spam email tries to convince American Express users that the email address on their account has been changed, and provides a link to “fix” the problem if the change was not made by them (which of course it wasn’t).
The phishing site steals not only the victim’s Amex login information, but also their Social Security number, mother’s maiden name and credit card data. One big giveaway is that the URL of the site is clearly not that of American Express.
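The URL giveaway above can be checked automatically: flag any link whose registrable domain does not belong to the brand the message names. This is an added example, not AVG’s code; the brand-to-domain table, the two-label domain heuristic and the sample email are constructed here for illustration.

```python
import re
from urllib.parse import urlparse

# Legitimate registrable domains for the brands this roundup lists as
# impersonated. Constructed allowlist for the example; extend as needed.
BRAND_DOMAINS = {
    "american express": {"americanexpress.com"},
    "paypal": {"paypal.com"},
    "linkedin": {"linkedin.com"},
    "apple": {"apple.com"},
    "u.s. bank": {"usbank.com"},
}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def registrable_domain(host):
    """Last two labels of a hostname. Simplification: fine for .com brands,
    wrong for multi-part suffixes such as .co.uk (use a public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def mentioned_brands(text):
    """Brands named anywhere in the message body (case-insensitive)."""
    lower = text.lower()
    return [brand for brand in BRAND_DOMAINS if brand in lower]


def suspicious_links(body):
    """Return (brand, url) pairs where the message names a brand but the
    link's registrable domain is not one of that brand's own domains.
    A lookalike such as americanexpress.com.<attacker>.net resolves to
    the attacker's domain, so the prefix does not fool the check."""
    brands = mentioned_brands(body)
    findings = []
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        domain = registrable_domain(host)
        for brand in brands:
            if domain not in BRAND_DOMAINS[brand]:
                findings.append((brand, url))
    return findings


# Constructed sample modelled on the Amex lure: a lookalike link plus one real one.
SAMPLE_EMAIL = """Dear American Express customer,
The email address on your account was changed. If you did not make this
change, confirm your details here:
http://americanexpress.com.account-verify.example.net/login
Genuine notices link only to https://www.americanexpress.com/
"""
```

Running `suspicious_links(SAMPLE_EMAIL)` flags only the `example.net` link; the real `www.americanexpress.com` link passes.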
– AVG Threat Research Group