The Latest in IT Security

AVG Web Threat Update: Week 22

06
Jun
2012

1. “Canadian pharmacy” uses phony YouTube video to attract business

The AVG Web Threats Research team this week found a “Canadian pharmacy” site that has loaded up YouTube with phony videos really intended to game search engine results and draw visitors to their site.

A YouTube search for “nail technician schools in Houston” turns up three legitimate hits about schools, then a lot of other interesting results — each linking to pillsrx24.com. That domain was registered by someone in Moscow, Russia, who appears to live in a pleasant residential section near the Academy of Science botanical gardens in the northern suburbs (thanks Google street view.)

Clicking out the first link presents 26 seconds of video from a Fox news piece on the Food and Drug Administration investigation of questionable eye lash conditioner, then a link to a “pharmacy” site where a visitor can allegedly purchase Lumigan, a drug used to treat glaucoma. The video was uploaded by someone using the name “GerardviWomack”.

A Google search for Lumigan, interestingly enough, presents a link to Gerardvi’s/Fox News’ “Eyelash Wars” video.

Oh, and “GerardviWomack”? He posted 21 similar videos on YouTube last month:

Web users, of course, should be aware of the dangers of purchasing drugs from questionable web sites which usually sell phony products or simply exist to steal credit card information. The YouTube videos demonstrate the elaborate lengths to which these untrustworthy operators will go to get their advertising in front of you.

2. Blackhole-linked ransom ware page under construction

This would be funny if ransom ware wasn’t a miserable problem for those who get infected with it. Someone who is writing a ransom ware page that is installed by the Blackhole exploit kit has it “live” while he’s working on it. Notice the text that says “test.”

Two days previous to that view was this:


3. New Rogue GUIs

Below is a sampling of the graphic interface variants, many delivered by the Blackhole exploit kit that we’ve seen in the last week:

Antivirus Protection 2012 rogue

Windows Antivirus Rampart rogue

Windows Guard Tools rogue

Windows Multi Control System rogue

Windows Pro Safety rogue

Windows Safety Maintenance rogue

Windows Ultimate Security Patch rogue

– AVG Threat Research Group

Leave a reply


Categories

MONDAY, DECEMBER 16, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments