AVG Web Threat Update: Week 16

1. Spreading the Blackhole love on Twitter

 

The AVG Web Threats Research team found this little landmine on Twitter in the last week. We suspect it was planted by a Blackhole operator.

 

 

Clicking on the “free Antivirus” link takes you to the nearly inevitable:

 

And, if an unsuspecting Twitter user is innocent enough to click through the download boxes, the result is a recent rogue clone: Windows Guard Solutions.

 

 

And that’s not all. The site also loads exploits in the background, so even a user who is smart enough to recognize the FakeAV still gets nailed with malicious code. AVG LinkScanner warns of two Blackhole features and three rogue features on the site.

If you’re a Tweeter, be aware that clicking on links in Tweets can take you places you really don’t want to go. Use an antivirus product on your PC and use common sense.

 

2. Blackhole-linked spam

 

Operators using the Blackhole exploit kit have been using spam emails to lure potential victims to sites that download malcode. Below are some examples that we’ve investigated:

 

Site impersonated: Apple Store

 

Site impersonated: any bank

 

 

Site impersonated: LinkedIn

 

Site impersonated: PayPal

 

 

Site impersonated: U.S. Bank

 

 

3. Rogue security products clone graphic interfaces

 

The criminals running rogue security product scams have continued cloning their products and renaming their graphic interfaces. Below are some we’ve seen in the last week:

Clone name: Windows Efficiency Reservoir

 

 

Clone name: Windows Cleaning Tools

 

 

Clone name: Windows Component Protector

 

 

Clone name: Windows Warding System

 

 

Clone name: Windows Antivirus Patch

 

 

Clone name: Windows Shielding Utility

 

 

Clone name: Windows Care Taker

 

 

4. Amex Phishing

 

The AVG Web Threats Research Group encountered the American Express phishing scheme below in the last week. The spam email tries to convince American Express users that the email address in their account has been changed, and provides a link to fix the problem if the change was not correct (which of course it isn’t).

The phishing site steals not only the victim’s Amex login information, but also their Social Security number, mother’s maiden name and credit card data. One big giveaway to the scheme is the fact that the URL of the site is clearly not that of American Express.

– AVG Threat Research Group

 
