1. Is FakeAV Dead?

No sooner did the world’s Internet users get the message five or so years ago that they should be running an anti-virus product on their PCs than the dark side jumped in to sell fake products that look and act like real security products.

For the past five or so years, these fake AV (or rogue) products have been huge moneymakers for the scam artists on the Internet, with hundreds of new variants appearing each year to help evade detection and confuse victims.

We’re seeing reports that the fake AV might be fading from the scene. We don’t think so: in only a short amount of time we came up with several examples.

 

Windows Secure Kit 2011

 

Antivirus 2011

 

Please wait! This is important – we check your devices.

 

Scan & Protect

 

Windows Security

 

2. Cloud AV 2012

Blackhole exploit kits recently started exploiting systems and installing a new rogue antivirus program called Cloud AV 2012. It’s a clone of Open Cloud AV, which we previously blogged about.

 

3. Bank of America spam messages lead to Blackhole Exploit Kit

We’re sure that everyone on the planet who uses the Internet – even those living in caves in Afghanistan – is well aware of the flood of malicious spam that tries to snatch logins and other personal information. Recently we found one that impersonates email from the Bank of America and carries a link to a site that runs the Blackhole exploit kit.

 

4. Pharma spam site impersonating CVS

Anyone who has the slightest contact with email is all too familiar with “Canadian Pharmacy” or “penis pill” sites. At one time they seemed to be based in China; now, however, they appear to mostly have a .ru (Russia) country domain.

These scam sites claim to be selling Viagra, Cialis and other prescription medications by mail. No one has ever investigated the vast, vast ocean of these things, but it’s safe to say that if you purchased prescription medication from them, what you would probably get is 1) adulterated pills, 2) completely fake pills, 3) your credit card info ripped off.

The graphics on these sites usually include photos of scantily dressed men and women as well as male and female physicians in white uniforms with stethoscopes looking young, professional and happy. The females often seem to be smirking, which must be off-putting for potential Viagra customers. There is almost always the word “Canadian” on the page somewhere.

 

Last week, however, we came across one (via spam, of course) that used the logo of the CVS pharmacy chain.

 

 

– AVG Threat Research Group