The Latest in IT Security

AVG Web Threat Update: Week 12


1. Email messages impersonating LinkedIn correspondence used as lure to Blackhole sites

Blackhole users have begun using phishing emails that impersonate correspondence from the professional networking site LinkedIn to trick users into going to Blackhole Exploit Kit sites. The links in the phishing emails take the users to an exploit server.

Email subject lines include:

“LinkedIn Reminder from your colleague.”

“LinkedIn Nofitication (sic) service message”

“LinkedIn Reminder”

2. Fake AV delivered by Blackhole changes its name rapidly

AVG web threats analysts are seeing a current rogue security product (called Windows Antivirus 2012 on some of its pop-up windows) changing names frequently in recent weeks:

March 1: Windows Threats Destroyer

March 12: Windows Managing System

March 13: Windows Risk Minimizer

March 15: Windows AntiHazard Solution

March 19: Windows Software Keeper

Web users are sent to sites that download the rogue by pages containing the Blackhole exploit kit.

This is currently detected by LinkScanner as Rogue Scanner (type 1927)

3. Blackhole ransom ware install:

A current ransom ware page delivered by the Blackhole Exploit Kit tries to impersonate the U.S. Dept. of Justice Computer Crime and Intellectual Property Section and extract a $100 “fine,” payable by untraceable Paysafecard.

If the men in suits at the Department of Justice were really coming after you, we’re pretty sure you could expect a knock on the door not a goofy page that locks up your computer.

– AVG Threat Research Group

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments