1. Just in time for Tax Season

Starting today we began receiving emails from INTUIT at a bankofamerica.com email address (it’s spoofed). These emails notify the recipient of a problem between the IRS and Social Security and ask him to “use the following link” to review the information. The link leads to a Blackhole Exploit kit that will exploit the users PC and install many pieces of malware.


Also in 2012 we continue to see fake BBB and NACHA emails luring users to visit websites that use the Blackhole Exploit Kit.


2. Zeus using high-profile organizations’ names. 

Last week we came across phishing emails that impersonated correspondence from the U. S. Computer Emergency Response Team (US-CERT) that tried to trick victims into opening an infected attachment. The claim was that the attachment was a report of a phishing incident that had been sent to the Anti-Phishing Working Group (APWG).



A similar spam run used the logo of Consolidated Edison. ConEdison provides power to theNew York Cityregion. It attempted to get victims to open an infected attachment (carrying the Zeus bot net malcode) that it claimed was a bill.



3. Facebook Scams


Facebook scams continue to circulate via spam email or via Facebook with improbable gift card offers. Clearly, if it seems too good to be true, it is: a FREE, $500/$1,000 gift card or two free airline tickets? You would have to be very naive to fall for any of these. First they require victims to “like” them on Facebook (to spread the scam) then they then take him down the endless rabbit hole of surveys and affiliate offers.


We found a load of Facebook scam sites being hosted on Amazon Web Services and the images that they called hosted on popular image site Imgur (see below.)



– AVG Threat Research Group

Enhanced by Zemanta