Online Crooks Abusing Google Groups
Investigators from security firm eSoft stated that cyber-criminals are taking advantage of Google Groups for the distribution of malware, particularly fake anti-virus programs, reported ComputerWeekly.com on May 13, 2010.
Apparently, the investigators have been following a spam campaign that recently exploited Google Groups to disseminate malicious web links.
This campaign involves a message that asks members of Google Groups to update their e-mail configuration by following the directions provided at a given link. However, the embedded URL actually takes the recipient to a phony Google Groups web page, which craftily infects the user's computer with a Trojan Downloader.
Curiously, this Trojan is easier to detect than a normal virus: according to VirusTotal, 58% of its virus-scanning engines identified the program as malware.
The Trojan Downloader subsequently becomes active and installs a mixture of malicious programs pulled down from multiple sources. These programs include Desktop Security 2010, which is fake anti-virus software. The fake program runs a false computer scan and displays messages that the user's system is infected, after which it tells the user that the malicious programs can be removed by buying a license code.
The criminals further indicate that the user can buy the code for just $89.95 and get a lifetime license. However, during the buying process, users unknowingly hand over personal details, especially their debit/credit card particulars, to cyber crooks.
In addition, an infected user finds that the browser no longer provides Internet access until the license has been bought. This suggests an element of 'ransomware' at work.
eSoft said that cybercriminals commonly abuse community websites such as Windows Live and Google Groups in an attempt to defeat spam and web filters. However, the company is currently blocking all known distribution points.
It further stated that it was finding and flagging hijacked Google Groups web pages as well as stopping access to other websites that the current attack used as malware distribution points.
Moreover, according to eSoft, Secure Web Filtering in association with real-time URL searches and granular classifications would most effectively counter the threats in question.
» SPAMfighter News - 22-05-2010