AVG Blogs » AVG Web Threat Update: Week 22 http://blogs.avg.com AVG Blogs Fri, 24 May 2013 07:35:38 +0000 en hourly 1 http://wordpress.org/?v=3.2.1 AVG Web Threat Update: Week 22 http://blogs.avg.com/news-threats/avg-web-threat-update-week-22/ http://blogs.avg.com/news-threats/avg-web-threat-update-week-22/#comments Wed, 06 Jun 2012 10:52:46 +0000 TomK http://blogs.avg.com/?p=13975 1.  “Canadian pharmacy” uses phony YouTube video to attract business

The AVG Web Threats Research team this week found a “Canadian pharmacy” site that has loaded up YouTube with phony videos really intended to game search engine results and draw visitors to their site.

 

A YouTube search for “nail technician schools in Houston” turns up three legitimate hits about schools, then a lot of other interesting results — each linking to pillsrx24.com. That domain was registered by someone in Moscow, Russia, who appears to live in a pleasant residential section near the Academy of Science botanical gardens in the northern suburbs (thanks Google street view.)

 

Clicking out the first link presents 26 seconds of video from a Fox news piece on the Food and Drug Administration investigation of questionable eye lash conditioner, then a link to a “pharmacy” site where a visitor can allegedly purchase Lumigan, a drug used to treat glaucoma. The video was uploaded by someone using the name “GerardviWomack”.

 

A Google search for Lumigan, interestingly enough, presents a link to Gerardvi’s/Fox News’ “Eyelash Wars” video.

 

 

Oh, and “GerardviWomack”? He posted 21 similar videos on YouTube last month:

 

 

Web users, of course, should be aware of the dangers of purchasing drugs from questionable web sites which usually sell phony products or simply exist to steal credit card information. The YouTube videos demonstrate the elaborate lengths to which these untrustworthy operators will go to get their advertising in front of you.

 

2. Blackhole-linked ransom ware page under construction

This would be funny if ransom ware wasn’t a miserable problem for those who get infected with it. Someone who is writing a ransom ware page that is installed by the Blackhole exploit kit has it “live” while he’s working on it. Notice the text that says “test.”

 

Two days previous to that view was this:


 

 

3. New Rogue GUIs

 

Below is a sampling of the graphic interface variants, many delivered by the Blackhole exploit kit that we’ve seen in the last week:

 

Antivirus Protection 2012 rogue

 

 

Windows Antivirus Rampart rogue

 

Windows Guard Tools rogue

 

Windows Multi Control System rogue

 

Windows Pro Safety rogue

 

Windows Safety Maintenance rogue

 

Windows Ultimate Security Patch rogue

 

 

 

– AVG Threat Research Group

 

]]> http://blogs.avg.com/news-threats/avg-web-threat-update-week-22/feed/ 0