Here’s the latest weekly update from AVG’s Web Threat team, who are busy tracking emerging web threats round the clock.

NACHA transaction-rejection spams, with link to Blackhole exploit kit

US Electronics Payment Association (NACHA), is no stranger to fake spam mail. People are receiving emails claiming that they have had a payment rejected and the email contains a *.pdf.exe zipped attachment. This attachment is a Trojan and will infect the computer if opened.

This week we have started seeing messages spammed out without an attachment, but with instead, a malicious hyperlink.

The hyperlink leads to an iframe.

The iframe loads the Blackhole exploit kit.

Users should be very cautious of hyperlinks found in email messages, especially unsolicited or spam emails.

Blackhole Exploit kits now installing ransomeware.

We also discovered porn-related websites that used the Blackhole exploit kit to install ransomware. When a user visited the websites and selected a video the exploit kit would launch.

After the users system is exploited and the ransomeware Trojan is installed the following notice is displayed.

Here is another example.

The users system is locked at this point and to unlock the system they need to call a phone number and are asked to pay a ransom to access their system again.

Most embarrassing moment ever in Beauty Contest clickjacking.

The latest clickjacking threat is about the “Most embarrassing moment ever in a Beauty Contest”. It’s currently the top clickjacking scheme we are tracking, and as you can see below it is having some success on Facebook.

Users following the link’s provided are shown a page where they can watch a video.

The page is a fake and clicking on the play button will only post the link to the user’s wall.

The user will also be asked to fill out additional surveys giving away their personal information or their cell phone number in return for promises of gift cards.

Return of Rogue fake scan pages (Online Protection).

We recently noticed a drop in reported rogue fake scan page infections in the wake of a crackdown by credit processing agencies. However, this week we are seeing the pages more often again.

The users are presented with a rogue fake scan page that reports that it has found infections on the PC.

After the fake scan concludes users are given the option to repair the PC but will only be able to do so by downloading and installing an *.exe.

This of course is a Trojan and it will install a rogue antivirus product once downloaded

The rogue antivirus product scans the users system finding additional malware that doesn’t exist and will then ask the user to register or pay for the product to provide protection or to remove the malware that doesn’t exist.

Skype voice recorded call lead to fake scan pages.

Another example of a rogue fake scan page starts with a recorded voice call to Skype users.

The recorded voice message instructs the user that their “Computer Protection is not Active” and gives them a URL to visit to update their protection.

If you are worried about any of the above web threats then download AVG Antivirus, it protects users at multiple levels and will have detected all the threats detailed above. For more go to www.avg.com