Scareware scams come and go but a new one making its way throughout the ICQ instant messaging community has gone above and beyond the traditional tactics to trick people into downloading and paying for a fake AV app that will only cause more harm.
As eSecurity Planet reports, the new scareware campaign uses a legitimate women’s clothing chain as a false front for the illicit operation.
Security software vendor Kaspersky today reports that ICQ users over the past few days have had their sessions interrupted by an “Antivirus 8” pop-up that materializes just as the service begins fetching or displaying new ads.
In reality, these scareware apps are actually the ones responsible for infecting a user’s computer. Once these apps are installed, they then attempt to blackmail victims into paying the $40 or $50 to install the “cure” while simultaneously using the newly infected computer to spread more scareware.
Kaspersky Lab researchers identified the offending page distributing the malware as charlotterusse.eu, a fabricated website designed to look as if it is affiliated with the Charlotte Russe women’s clothing store.
“Going by the added iframe, it looks like this store’s ad server was hacked, right? Not quite. I did some digging around and found that none of these servers — other than charlotterusse.com — actually related to this brand of clothing,” Roel Schouwenberg, a senior malware researcher at Kasperksy wrote in a blog posting.