The Latest in IT Security

AVG Web threat weekly update – Week 48


1. Facebook survey scams – Ashton Kutcher and fake imgur site

The Facebook survey scam pages this week play off the usual celebrity gossip themes. One we’ve seen frequently is the announcement several weeks ago of Demi Moore and Ashton Kutcher’s divorce, with all the lurid details.

And, of course, the standard bait, such as phony gift card offers and ANYTHING with the words “teen” and “video” in the headline, continues to circulate.

The scams of course all lead to “surveys” that try to lure web users to bottom-feeder advertising, or worse.

For novice web users, a good rule is to close your browser on any page that requires you to share something to your Facebook account, provide your cell phone number, fill out a survey or sign up for some service before you can view a video.


We also discovered a fake imgur site pushing surveys in order to view videos.  Imgur is a very popular site that offers free image hosting to millions of users a day, serving over thirty terabytes of images daily.



2. NACHA & IRS spam leads to Blackhole exploit kit

Exploit kits – packages of customizable malicious code that scammers use – exploded in popularity in the last year. Recently we’ve been seeing spam email with links that download the Blackhole exploit kit code. The spam tries to convince potential victims to visit malicious URLs. The executables that Blackhole downloads can do a large number of things, including installing rogue security products (see below) and logging keystrokes in order to snatch bank or other account login information.


Two frequent spam lures we’re seeing are fake correspondence from the Electronic Payments Association NACHA and the IRS.


Internet users should use common sense when responding to email: if it’s from an organization you don’t normally deal with, or it promises money you’re not expecting, don’t open it.


Email isn’t like the game Monopoly – there are no “bank error in your favor” or “get out of jail free” cards.





3. Work-at-home scams


In the past few months we’ve seen the work-at-home scammers using websites that impersonate television news outlets to give their schemes an air of authenticity. Below are two examples. They were initially advertised by spam email messages which included links to “news” sites. Their faux news sites include code that inserts the name of the potential victim’s location to make them look even more authentic.


Again, the best defense against scams such as these is common sense – if it seems to be too good to be true, you can be sure it is.





4. Blackhole exploit kit rogue installs


The Blackhole exploit kit, which creates a variety of malicious code, is currently being used to download and install the AV Protection 2011 rogue security product.

Rogues, which have been around for a number of years, have been grouped into families and researchers have seen them evolve and change in ways that impersonate real anti-virus products. This one is a bit behind the curve since most rogues are currently trying to pass themselves off as the 2012 versions.


For a good list of current legitimate anti-virus software, see the “about” section of the VirusTotal web site and click on the “credits” tab.



Security Shield is another rogue being installed by the Blackhole exploit kit.




5. Celebrity social engineering scams for November


Rihanna, Soulja Boy and Kim Kardashian were the names used in the overwhelming majority of social engineering scams we saw in November.



Soulja Boy


Kim Kardashian


Nicki Minaj


Avril Lavigne




Miley Cyrus


Justin Bieber


Lady Gaga


– AVG Threat Research Group
