Bogus AVG Download Websites Seize Credit Card Details
Websites distributing phony anti-virus have been discovered loading malware onto end-users' PCs to help steal credit card details as also cash after including pay-per-install adware into the spam mails, discloses AVG. SoftPedia, dated October 20, 2011, published this.
Rather than load scareware programs onto unwitting end-users' PCs, cyber-criminals floated legitimate-appearing websites, which apparently promote security items already well-known.
The security researchers state that 3 bogus websites are active that lead visitors onto an online payment form.
If these sites are visited, users will find a window emerging depicting the websites like an AOL's billing.
Users read the message as suggesting for making personal billing and credit card info up-to-date, failing which they'll have their account annulled. So as the victim submits by pressing on "OK," he's led onto one more site that directs him for providing personal credit card information.
And upon doing so, the victim finds another window emerging saying that AOL Billing is currently ready for authenticating his credit card. The message appears again for persuading the end-user that the website represents an authentic AOL Billing site.
Thereafter, the victim encounters another website that asks him for selecting the product scheme after which the notorious web-page requiring the payment shows up. The payment thus made, however, goes to the hackers in addition to the victim's card number, expiration date and CVV.
Moreover, for giving a still more realistic touch to the entire episode, a message within the downward portion of the payment web-page appears stating that the user's IP Address:<XX.XX.XX.XX> has been logged to stop fraud, with a warning that there'll be the fullest prosecution incase of fraud.
Certainly, following the payment as also providing the billing info, it becomes easier for spammers to deliver malware alternatively an edition of the real non-chargeable AVG anti-virus, however, devoid of the already-pledged authentication.
Also, the payment that the victim is necessitated for making to get the AV, in reality, isn't for the AVG's anti-virus product rather for a fee to maintain it every month.
The researchers stated that the actual AV from AVG isn't just free but also includes updates of its signature definitions.
Related article: Bugs Swell In Browsers in 2006
» SPAMfighter News - 28-10-2011