Cybercriminals Using Google Groups as Springboard for Rogue Anti-virus
According to a warning released by security vendor Webroot, Google Groups, Google's discussion-group service, is being hit by messages related to fake anti-virus software, ComputerWeekly.com reported on January 11, 2010.
These attacks typically exploit Gmail accounts to post short messages in both closed and open Google Groups, and have reportedly gained momentum in the past few months.
These messages claim to offer "fun videos" (e.g. a New Year video), but in reality they install malware on the viewer's PC. The malware has been specifically developed to create panic and cheat users out of their hard-earned cash. First, a message warning of ActiveX errors appears on the screen, and then the malicious payload is delivered, regardless of the browser in use.
Andrew Brandt, threat expert at Webroot, explained that the rogue links in this attack are created using different URL shortening services such as shrtb.us, tmsurl.com or cprn.me. Spammers reportedly prefer these services over the more established ones, including TinyURL and bit.ly, because submissions to them are not subject to advanced security checks for spam or other malicious threats, softpedia.com reported on January 12, 2010.
All links first redirect users to distinct accounts hosted at 150m.com, a legitimate free Web hosting provider. After that, the request follows a chain of redirections through several Chinese servers, finally reaching a website that shows an embedded image made to look like a video, complete with details such as ratings. Brandt said that the Chinese websites and short links remain in working condition for at most a day or two.
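The redirect pattern described above can be hunted for in web proxy logs by rebuilding each client's redirect chain and checking its shape. The following Python is an added example, not code from Webroot or the article; the log format, client addresses, paths and `.example` hosts are constructed, and only the shortener names and 150m.com come from the text.

```python
from urllib.parse import urlsplit

# Domains named in the article; all sample data below is constructed.
SHORTENERS = {"shrtb.us", "tmsurl.com", "cprn.me"}
FREE_HOST = "150m.com"

# Constructed proxy log: client, requested URL, HTTP status, Location ("-" if none).
SAMPLE_LOG = """\
10.0.0.5 http://shrtb.us/a1b2 301 http://user123.150m.com/video.html
10.0.0.5 http://user123.150m.com/video.html 302 http://hop1.example/r?id=7
10.0.0.5 http://hop1.example/r?id=7 302 http://hop2.example/watch
10.0.0.5 http://hop2.example/watch 200 -
10.0.0.7 http://cprn.me/q9 301 http://blog.example/post
10.0.0.7 http://blog.example/post 200 -
"""

def in_domain(url, domain):
    """True if the URL's host is the domain itself or a subdomain of it."""
    h = (urlsplit(url).hostname or "").lower()
    return h == domain or h.endswith("." + domain)

def build_chains(log_text):
    """Link each request to the redirect that led to it, per client."""
    open_chains = {}  # (client, next expected URL) -> chain so far
    finished = []
    for line in log_text.splitlines():
        client, url, status, location = line.split()
        chain = open_chains.pop((client, url), [])
        chain.append(url)
        if status.startswith("3") and location != "-":
            open_chains[(client, location)] = chain
        else:
            finished.append((client, chain))
    return finished

def suspicious(chain):
    """Starts at a listed shortener, hits a 150m.com account, then redirects on."""
    if not any(in_domain(chain[0], s) for s in SHORTENERS):
        return False
    idx = [i for i, u in enumerate(chain) if in_domain(u, FREE_HOST)]
    return bool(idx) and idx[0] < len(chain) - 1

def flagged(log_text):
    return [(c, ch) for c, ch in build_chains(log_text) if suspicious(ch)]

if __name__ == "__main__":
    for client, chain in flagged(SAMPLE_LOG):
        print(client, " -> ".join(chain))
```

Because the article notes that the short links and downstream sites live for only a day or two, matching on the chain's shape holds up longer than a blocklist of final destinations.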
Webroot stated that, despite having the name "Personal Security", the malware is basically an imitation of the rogue anti-virus called "Antivirus 2009". Moreover, the warnings, available in English, German or French, ask users to pay a registration fee before it removes any of the discovered threats.
Reportedly, of the top 50 most prevalent scareware programs, 24% were developed in 2009. Scareware scams, typically executed by well-established criminal outfits based in Eastern Europe, have earned criminals huge profits. Security experts predict that even wider and bigger forms of such scams will be seen in 2010.
» SPAMfighter News - 20-01-2010